diff options
author | Daniil Baturin <daniil@vyos.io> | 2020-08-20 19:17:01 +0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-20 19:17:01 +0700 |
commit | db2000354a7bb2016822e58ac9b5d0207087937f (patch) | |
tree | bef2896afe3e8f894df75788d9260f7bfce3a753 /docs/services/ssh.rst | |
parent | 9440c432cc29276f04a0b1bf111b3a1da0600da0 (diff) | |
parent | 5f2fb34c412691d1544e92e7186274c8a0a3db58 (diff) | |
download | vyos-documentation-db2000354a7bb2016822e58ac9b5d0207087937f.tar.gz vyos-documentation-db2000354a7bb2016822e58ac9b5d0207087937f.zip |
Merge pull request #310 from erkin/master
Fix RST typo and add update SSH service commands
Diffstat (limited to 'docs/services/ssh.rst')
-rw-r--r-- | docs/services/ssh.rst | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index b60d592d..c5959e5c 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -53,7 +53,7 @@ choose from the following ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, Disable password based authentication. Login via SSH keys only. This hardens security! -.. cfgcmd: set service ssh disable-host-validation +.. cfgcmd:: set service ssh disable-host-validation Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible. @@ -74,5 +74,33 @@ Multiple algorithms can be provided. Supported MACs: ``hmac-md5``, .. note:: VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2. -.. seealso:: SSH :ref:`ssh_key_based_authentication` +.. cfgcmd:: set service ssh access-control <allow | deny> <group | user> <name> + +Add access-control directive to allow or deny users and groups. Directives are +processed in the following order of precedence: ``deny-users``, ``allow-users``, +``deny-groups`` and ``allow-groups``. + +.. cfgcmd:: set service ssh client-keepalive-interval <interval> + +Specify timeout interval for keepalive message in seconds. + +.. cfgcmd:: set service ssh key-exchange <kex> + +Specify allowed :abbr:`KEX (Key Exchange)` algorithms. +Supported algorithms: ``diffie-hellman-group1-sha1``, +``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, +``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, +``diffie-hellman-group-exchange-sha1``, +``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, +``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and +``curve25519-sha256@libssh.org``. +.. cfgcmd:: set service ssh loglevel <quiet | fatal | error | info | verbose> + +Set the ``sshd`` log level. The default is ``info``. + +.. cmfcmd:: set service ssh vrf <name> + +Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. + +.. seealso:: SSH :ref:`ssh_key_based_authentication` |