Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 2 Configuring the Secure Shell Daemon Protocol
Configuring SSH Access
SSH access to the CSS is enabled by default through the no restrict ssh
command. You can verify the SSH access selection in the running-config file.
To enhance security when using SSHD, disable Telnet access (Telnet access is
enabled by default). Use the telnet-access disable command as described in
Chapter 1, Controlling CSS Access.
To enable SSH access to the CSS, enter:
(config)# no restrict ssh
To disable SSH access, enter:
(config)# restrict ssh
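The check described above, written as an added example that is not part of the Cisco guide: a small Python audit that reads a saved running-config and reports the SSH and Telnet access state, using the defaults and command spellings given on this page. It assumes one command per line, `!` comment lines, and an optional `(config)#` prompt prefix; the sample config and the port value are constructed.

```python
import re

# Constructed sample, not real CSS output. Assumed layout: one global
# command per line, spelled exactly as on this page.
SAMPLE_RUNNING_CONFIG = """\
! constructed sample
  restrict ssh
  sshd port 2022
  no restrict ssh
"""

PROMPT = re.compile(r"^\(config\)#\s*")  # tolerate pasted CLI transcripts


def audit_access(config_text):
    """Return (state, findings) for SSH/Telnet management access."""
    # Defaults stated on the page: SSH enabled, Telnet enabled.
    state = {"ssh": True, "telnet": True, "sshd": {}}
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue
        words = line.split()
        # Later lines override earlier ones, as re-entering a command would.
        if words == ["restrict", "ssh"]:
            state["ssh"] = False
        elif words == ["no", "restrict", "ssh"]:
            state["ssh"] = True
        elif words == ["telnet-access", "disable"]:  # spelling as on this page
            state["telnet"] = False
        elif words[0] == "sshd" and len(words) >= 2:
            # Record sshd settings verbatim; arguments are not interpreted.
            state["sshd"][words[1]] = " ".join(words[2:])
    findings = []
    if state["telnet"]:
        findings.append("Telnet access enabled (default); disable it when using SSHD")
    if not state["ssh"]:
        findings.append("SSH access restricted; SSHD will not accept client connections")
    return state, findings


if __name__ == "__main__":
    state, findings = audit_access(SAMPLE_RUNNING_CONFIG)
    print(state)
    for finding in findings:
        print("FINDING:", finding)
```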
Configuring SSHD in the CSS
The CSS provides the following commands for configuring SSHD:
sshd keepalive - Enables TCP keepalive messages
sshd port - Specifies the SSHD port
sshd server-keybits - Sets the number of bits in the ephemeral protocol server key (SSH v1 only)
sshd version - Configures the version of the SSH protocol that the CSS supports
Ensure that SSH access to the CSS is enabled so that SSHD can accept connections
from SSH clients. By default, SSH access is enabled through the no restrict ssh
global command.
Configuring SSHD Keepalive
The CSS supports sending TCP keepalive messages to the client as a means for
the server to determine whether the SSHD connection to the client is functioning
(for example, if the network has gone down or the client has become
unresponsive). If you disable sending SSHD keepalives to a client, sessions may
hang indefinitely on the server, which consumes system resources.