[no] exponential-backoff
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables the exponential backoff of the login prompt. The exponential-backoff command is used to deter dictionary attacks, in which a malicious user tries to gain access to the CLI by using a script to try admin with any conceivable password.
The no form of this command disables exponential backoff.
no exponential-backoff
ftp
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context configure FTP login control parameters.
idle-timeout {minutes | disable}
no idle-timeout
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command configures the idle timeout for FTP, console, or Telnet sessions before the session is terminated by the system.
By default, an idle FTP, console, SSH, or Telnet session times out after 30 minutes of inactivity. This timer can be set per session.
The no form of this command reverts to the default value.
idle-timeout 30
Specifies the idle timeout in minutes. Allowed values are 1 to 1440. A value of 0 implies that the sessions never time out.
Keyword to specify that a session will never time out. To re-enable idle timeout, enter the command without the disable option.
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>ftp
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command configures the maximum number of concurrent inbound FTP sessions.
This value is the combined total of inbound and outbound sessions.
The no form of this command reverts to the default value.
3
Specifies the maximum number of concurrent FTP sessions on the node.
inbound-max-sessions value
no inbound-max-sessions
config>system>login-control>telnet
config>system>login-control>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This parameter limits the number of inbound Telnet and SSH sessions. A maximum of 15 Telnet and SSH connections can be established to the router. The local serial port cannot be disabled.
The no form of this command reverts to the default value.
5
Specifies the maximum number of concurrent inbound Telnet sessions, expressed as an integer.
[no] login-banner
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables or disables the display of a login banner. The login banner contains the 7210 SAS copyright and build date information for a console login attempt.
The no form of this command causes only the configured pre-login message and a generic login prompt to display.
login-control
config>system
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context configure the session control for the console, Telnet, and FTP.
motd {url url-prefix: source-url | text motd-text-string}
no motd
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command creates the message of the day displayed after a successful console login. Only one message can be configured.
The no form of this command removes the message.
When the message of the day is present as a text file, provide both url-prefix and the source-url of the file containing the message of the day. The URL prefix can be local or remote.
Specifies the text of the message of the day. The motd-text-string must be enclosed in double quotes. Multiple text strings are not appended to one another.
Some special characters can be used to format the message text. The "\n" character creates multi-line MOTDs and the "\r" character restarts at the beginning of the new line. For example, entering "\n\r" will start the string at the beginning of the new line, while entering "\n" will start the second line below the last character from the first line.
outbound-max-sessions value
no outbound-max-sessions
config>system>login-control>telnet
config>system>login-control>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This parameter limits the number of outbound Telnet and SSH sessions. A maximum of 15 Telnet and SSH connections can be established from the router. The local serial port cannot be disabled.
The no form of this command reverts to the default value.
outbound-max-sessions 5
Specifies the maximum number of concurrent outbound Telnet sessions, expressed as an integer.
pre-login-message login-text-string [name]
no pre-login-message
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command creates a message displayed before console login attempts on the console via Telnet.
Only one message can be configured. If multiple pre-login-messages are configured, the last message entered overwrites the previous entry.
It is possible to add the name parameter to an existing message without affecting the current pre-login-message.
The no form of this command removes the message.
The string can be up to 900 characters. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Keyword to always display the configured system name first in the login message. To remove the name from the login message, the message must be cleared and a new message entered without the name.
ssh
config>system>security
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context configure the SSH parameters.
[no] disable-graceful-shutdown
config>system>login-control>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables graceful shutdown of SSH sessions.
The no form of this command disables graceful shutdown of SSH sessions.
client-cipher-list protocol-version version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
This command enables the configuration of a list of allowed ciphers by the SSH client.
Specifies the SSH version.
cipher index name cipher-name
no cipher index
config>system>security>ssh>client-cipher-list
config>system>security>ssh>server-cipher-list
Supported on all 7210 SAS platforms as described in this document.
This command enables the configuration of a cipher. Client-ciphers are used when the 7210 SAS is acting as an SSH client. Server ciphers are used when the 7210 SAS is acting as an SSH server.
The no form of this command removes the index and cipher name from the configuration.
no cipher index
Specifies the index of the cipher in the list.
Specifies the algorithm used when performing encryption or decryption.
client-mac-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
Commands in this context configure SSH MAC algorithms for the 7210 SAS acting as a client.
mac index name mac-name
no mac index
config>system>security>ssh>client-mac-list
config>system>security>ssh>server-mac-list
Supported on all 7210 SAS platforms as described in this document.
This command allows the user to configure SSH MAC algorithms for the 7210 SAS acting as an SSH server or an SSH client.
The no form of this command removes the specified mac index.
no mac index
Specifies the index of the algorithm in the list.
Specifies the algorithm for calculating the message authentication code.
client-kex-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
Commands in this context configure SSH KEX algorithms for the 7210 SAS in the client role.
By default, SSH advertises a KEX list that contains the following algorithms:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
kex index name kex-name
no kex index
config>system>security>ssh>client-kex-list
config>system>security>ssh>server-kex-list
Supported on all 7210 SAS platforms as described in this document.
This command configures phase 1 SSHv2 KEX algorithms for the 7210 SAS in the SSH server or client role.
The no form of this command removes the specified KEX index. If all KEX indexes are removed, the default list is used.
Specifies the index of the algorithm in the list. The lowest KEX index is negotiated first and the highest index, which is at the bottom of the KEX list, is negotiated last in the SSH negotiation.
Specifies the KEX algorithm for computing the shared secret key.
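An added example, not part of the Nokia documentation: Python that builds the effective KEX list from "kex index name kex-name" lines, applies the default-list fallback described above, and shows which algorithm the node in the client role would settle on with a given peer. The sample index values, the peer list and the choice to flag SHA-1 entries are assumptions of this example.

```python
import re

# Default KEX list quoted from this page, in the order it is listed.
DEFAULT_KEX = [
    "diffie-hellman-group16-sha512",
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]
KEX_LINE = re.compile(r"^\s*kex\s+(\d+)\s+name\s+(\S+)\s*$")


def effective_kex_list(config_lines):
    """Order configured KEX names by index, lowest (most preferred) first."""
    entries = {}
    for line in config_lines:
        m = KEX_LINE.match(line)
        if m:
            # Assumption: re-entering an index replaces its earlier name.
            entries[int(m.group(1))] = m.group(2)
    # The page states that an empty list falls back to the default list.
    if not entries:
        return list(DEFAULT_KEX)
    return [entries[i] for i in sorted(entries)]


def sha1_entries(kex_list):
    """Entries whose hash is SHA-1; rejecting them is this example's policy."""
    return [k for k in kex_list if k.endswith("-sha1")]


def negotiate(client_list, server_list):
    """Basic RFC 4253 selection: first client entry the server also lists."""
    for name in client_list:
        if name in server_list:
            return name
    return None  # no common algorithm, so the key exchange fails


# Constructed input: a trimmed client-kex-list; index values are arbitrary.
HARDENED = [
    "kex 10 name diffie-hellman-group16-sha512",
    "kex 20 name diffie-hellman-group14-sha256",
]
# Constructed peer that offers only the SHA-1 group1 exchange.
LEGACY_PEER = ["diffie-hellman-group1-sha1"]
```

With no kex entries configured, negotiate(effective_kex_list([]), LEGACY_PEER) settles on diffie-hellman-group1-sha1; with the HARDENED lines it returns None, so the session is refused rather than downgraded.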
[no] preserve-key
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command configures the server to save private keys, public keys, and host key files. They are restored following a system reboot or an SSH server restart.
The no form of this command specifies that the keys will be held in memory by the SSH server and are not restored following a system reboot.
no preserve-key
server-cipher-list protocol-version version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
This command enables the configuration of the list of allowed ciphers by the SSH server.
Specifies the SSH version.
server-kex-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
Commands in this context configure SSH KEX algorithms for the 7210 SAS in the SSH server role.
By default, SSH advertises a KEX list that contains the following algorithms:
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
server-mac-list
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document.
This command allows the user to configure SSH MAC algorithms for the 7210 SAS acting as an SSH server.
[no] server-shutdown
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables the SSH servers running on the system. At system startup, only the SSH server is enabled.
version ssh-version
no version
config>system>security>ssh
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command specifies the SSH protocol version that will be supported by the SSH server.
version 2
Specifies the SSH version.
telnet
config>system>login-control
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
Commands in this context configure the Telnet login control parameters.
[no] enable-graceful-shutdown
config>system>login-control>telnet
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command enables graceful shutdown of Telnet sessions.
The no form of this command disables graceful shutdown of Telnet sessions.