[no] exponential-backoff
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
This command enables the exponential backoff of the login prompt. The exponential-backoff command is used to deter dictionary attacks, in which a malicious user attempts to gain access to the CLI by using a script to try admin with any conceivable password.
The no form of this command disables exponential backoff.
no exponential-backoff
ftp
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure FTP login control parameters.
idle-timeout {minutes | disable}
no idle-timeout
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
This command configures the idle timeout for FTP, console, or Telnet sessions before the session is terminated by the system.
By default, an idle FTP, console, SSH, or Telnet session times out after 30 minutes of inactivity. This timer can be set per session.
The no form of this command reverts to the default value.
idle-timeout 30
Specifies the idle timeout in minutes. Allowed values are 1 to 1440. A value of 0 implies that the sessions never time out.
Keyword specifying that a session will never time out. To re-enable idle timeout, enter the command without the disable option.
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>ftp
Supported on all 7210 SAS platforms as described in this document
This command configures the maximum number of concurrent inbound FTP sessions.
This value is the combined total of inbound and outbound sessions.
The no form of this command reverts to the default value.
inbound-max-sessions 3
Specifies the maximum number of concurrent FTP sessions on the node.
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>telnet
Supported on all 7210 SAS platforms as described in this document
This command limits the number of inbound Telnet and SSH sessions. A maximum of 15 Telnet and SSH connections can be established to the router. The local serial port cannot be disabled.
The no form of this command reverts to the default value.
inbound-max-sessions 5
Specifies the maximum number of concurrent inbound Telnet sessions, expressed as an integer.
[no] login-banner
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
This command enables or disables the display of a login banner. The login banner contains the 7210 SAS copyright and build date information for a console login attempt.
The no form of this command causes only the configured pre-login message and a generic login prompt to display.
login-control
config>system
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure the session control for the console, Telnet, and FTP.
motd {url url-prefix: source-url | text motd-text-string}
no motd
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
This command configures the message of the day displayed after a successful console login. Only one message can be configured.
The no form of this command removes the message.
Specifies the URL prefix and source URL of the file containing the message of the day. When the message of the day is present as a text file, provide both url-prefix and the source-url of the file containing the message of the day. The URL prefix can be local or remote.
Specifies the text of the message of the day. The motd-text-string must be enclosed in double quotes. Multiple text strings are not appended to one another.
Some special characters can be used to format the message text. The "\n" character creates multi-line MOTDs and the "\r" character restarts at the beginning of the new line. For example, entering "\n\r" starts the string at the beginning of the new line, while entering "\n" starts the second line following the last character from the first line.
outbound-max-sessions value
no outbound-max-sessions
config>system>login-control>telnet
Supported on all 7210 SAS platforms as described in this document
This command limits the number of outbound Telnet and SSH sessions. A maximum of 15 Telnet and SSH connections can be established from the router. The local serial port cannot be disabled.
The no form of this command reverts to the default value.
outbound-max-sessions 5
Specifies the maximum number of concurrent outbound Telnet sessions, expressed as an integer.
pre-login-message login-text-string [name]
no pre-login-message
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
This command configures a message displayed before console login attempts on the console using Telnet.
Only one message can be configured. If multiple pre-login-messages are configured, the last message entered overwrites the previous entry.
It is possible to add the name parameter to an existing message without affecting the current pre-login-messages.
The no form of this command removes the message.
Specifies a login text string, up to 900 characters. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
When the keyword name is defined, the configured system name is always displayed first in the login message. To remove the name from the login message, the message must be cleared and a new message entered without the name.
ssh
config>system>login-control
config>system>security
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure SSH parameters.
[no] disable-graceful-shutdown
config>system>login-control>ssh
Supported on all 7210 SAS platforms as described in this document
This command enables graceful shutdown of SSH sessions.
The no form of this command disables graceful shutdown of SSH sessions.
client-cipher-list protocol-version version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
This command enables the configuration of a list of allowed ciphers by the SSH client.
Specifies the SSH version.
cipher index name cipher-name
no cipher index
config>system>security>ssh>client-cipher-list
config>system>security>ssh>server-cipher-list
Supported on all 7210 SAS platforms as described in this document
This command enables the configuration of a cipher. Client-ciphers are used when the 7210 SAS is acting as an SSH client. Server ciphers are used when the 7210 SAS is acting as an SSH server.
The no form of this command removes the index and cipher name from the configuration.
no cipher index
Specifies the index of the cipher in the list.
Specifies the algorithm used when performing encryption or decryption.
client-mac-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure SSH MAC algorithms for the 7210 SAS acting as a client.
mac index name mac-name
no mac index
config>system>security>ssh>client-mac-list
config>system>security>ssh>server-mac-list
Supported on all 7210 SAS platforms as described in this document
This command allows the user to configure SSH MAC algorithms for the 7210 SAS acting as an SSH server or an SSH client.
The no form of this command removes the specified mac index.
no mac index
Specifies the index of the algorithm in the list.
Specifies the algorithm for calculating the message authentication code.
client-kex-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document, except the 7210 SAS-D
Commands in this context configure SSH KEX algorithms for the 7210 SAS in the client role.
By default, SSH advertises a KEX list that contains the following algorithms:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
kex index name kex-name
no kex index
config>system>security>ssh>client-kex-list
config>system>security>ssh>server-kex-list
Supported on all 7210 SAS platforms as described in this document, except the 7210 SAS-D
This command configures phase 1 SSHv2 KEX algorithms for the 7210 SAS in the SSH server or SSH client role.
The no form of this command removes the specified KEX index. If all KEX indexes are removed, the default list is used.
Specifies the index of the algorithm in the list. The lowest KEX index is negotiated first and the highest index, which is at the bottom of the KEX list, is negotiated last in the SSH negotiation.
Specifies the KEX algorithm for computing the shared secret key.
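The index ordering and the fallback to the default list described above can be modelled offline to check what a given KEX configuration will accept. This is an added example, not Nokia code: the hardened configuration and the legacy peer's offer are constructed, and negotiation follows the RFC 4253 rule (the first algorithm on the client's list that the server also lists), ignoring the host-key conditions.

```python
# Added example: models the KEX list behaviour described on this page.
DEFAULT_KEX = [  # default advertised list, in the order given on this page
    "diffie-hellman-group16-sha512",
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]

# Constructed sample data (assumptions, not taken from the page).
HARDENED = {20: "diffie-hellman-group14-sha256",
            10: "diffie-hellman-group16-sha512"}
LEGACY_PEER = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]


def advertised(configured):
    """configured maps kex index -> kex-name. The lowest index is offered
    first; with no indexes configured the default list is used."""
    if not configured:
        return list(DEFAULT_KEX)
    return [configured[i] for i in sorted(configured)]


def negotiate(client_list, server_list):
    """First algorithm on the client's list that the server also lists,
    or None when there is no common algorithm (the connection fails)."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def sha1_based(kex_list):
    """KEX names whose hash is SHA-1, for review during an audit."""
    return [alg for alg in kex_list if alg.endswith("-sha1")]


def audit(server_config, peer_offer=LEGACY_PEER):
    """Node in the SSH server role, peer as the client."""
    server_list = advertised(server_config)
    return {"advertised": server_list,
            "sha1_entries": sha1_based(server_list),
            "legacy_peer_gets": negotiate(peer_offer, server_list)}


if __name__ == "__main__":
    print(audit(HARDENED))  # explicit two-entry list
    print(audit({}))        # all indexes removed: default list returns
```

Removing every index does not leave an empty list: the node reverts to the default list, so the SHA-1 entries are advertised again.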
[no] preserve-key
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
After enabling this command, private keys, public keys, and host key files are saved by the server. They are restored following a system reboot or restart of the SSH server.
The no form of this command specifies that the keys are held in memory by the SSH server and are not restored following a system reboot.
no preserve-key
server-cipher-list protocol-version version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
This command enables the configuration of the list of allowed ciphers by the SSH server.
Specifies the SSH version.
server-kex-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document, except the 7210 SAS-D
Commands in this context configure SSH KEX algorithms for the 7210 SAS in the SSH server role.
By default, SSH advertises a KEX list that contains the following algorithms:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
server-mac-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
This command allows the user to configure SSH MAC algorithms for the 7210 SAS acting as an SSH server.
[no] server-shutdown
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
This command enables the SSH servers running on the system. By default, only the SSH server is enabled at startup.
version ssh-version
no version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document
This command specifies the SSH protocol version that is supported by the SSH server.
version 2
Specifies the SSH version.
telnet
config>system>login-control
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure the Telnet login control parameters.
[no] enable-graceful-shutdown
config>system>login-control>telnet
Supported on all 7210 SAS platforms as described in this document
This command enables graceful shutdown of Telnet sessions.
The no form of this command disables graceful shutdown of Telnet sessions.