author Daniil Baturin <daniil@vyos.io> 2020-08-20 19:17:01 +0700
committer GitHub <noreply@github.com> 2020-08-20 19:17:01 +0700
commit db2000354a7bb2016822e58ac9b5d0207087937f
tree bef2896afe3e8f894df75788d9260f7bfce3a753 /docs/services/ssh.rst
parent 9440c432cc29276f04a0b1bf111b3a1da0600da0
parent 5f2fb34c412691d1544e92e7186274c8a0a3db58
Merge pull request #310 from erkin/master
Fix RST typo and add update SSH service commands
Diffstat (limited to 'docs/services/ssh.rst')
-rw-r--r-- docs/services/ssh.rst 32
1 files changed, 30 insertions, 2 deletions
diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst
index b60d592d..c5959e5c 100644
--- a/docs/services/ssh.rst
+++ b/docs/services/ssh.rst
@@ -53,7 +53,7 @@ choose from the following ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``,
Disable password based authentication. Login via SSH keys only. This hardens
security!
-.. cfgcmd: set service ssh disable-host-validation
+.. cfgcmd:: set service ssh disable-host-validation
Disable the host validation through reverse DNS lookups - can speedup login
time when reverse lookup is not possible.
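Review bot: The single-colon `.. cfgcmd:` on the removed line is parsed by reStructuredText as a comment, not a directive, so the `disable-host-validation` entry was dropped from the rendered page without any build warning. Because this class of typo fails silently, grep the rest of `docs/` for `.. cfgcmd: ` with a single colon and fix any other hits in the same PR. While this entry is being touched, the context text "can speedup login time" should read "can speed up login time".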
@@ -74,5 +74,33 @@ Multiple algorithms can be provided. Supported MACs: ``hmac-md5``,
.. note:: VyOS 1.1 supported login as user ``root``. This has been removed due
to tighter security in VyOS 1.2.
-.. seealso:: SSH :ref:`ssh_key_based_authentication`
+.. cfgcmd:: set service ssh access-control <allow | deny> <group | user> <name>
+
+Add access-control directive to allow or deny users and groups. Directives are
+processed in the following order of precedence: ``deny-users``, ``allow-users``,
+``deny-groups`` and ``allow-groups``.
+
+.. cfgcmd:: set service ssh client-keepalive-interval <interval>
+
+Specify timeout interval for keepalive message in seconds.
+
+.. cfgcmd:: set service ssh key-exchange <kex>
+
+Specify allowed :abbr:`KEX (Key Exchange)` algorithms.
+Supported algorithms: ``diffie-hellman-group1-sha1``,
+``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``,
+``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``,
+``diffie-hellman-group-exchange-sha1``,
+``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``,
+``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and
+``curve25519-sha256@libssh.org``.
+.. cfgcmd:: set service ssh loglevel <quiet | fatal | error | info | verbose>
+
+Set the ``sshd`` log level. The default is ``info``.
+
+.. cmfcmd:: set service ssh vrf <name>
+
+Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance.
+
+.. seealso:: SSH :ref:`ssh_key_based_authentication`
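Review bot: The `vrf` entry near the end of this hunk uses `.. cmfcmd::`, which is not the `cfgcmd` directive used by every other entry, so Sphinx will report an unknown directive instead of rendering the command; change it to `.. cfgcmd:: set service ssh vrf <name>`. The `loglevel` directive also starts directly after the last line of the key-exchange list with no blank `+` line in between, unlike the other entries added here; add one so the directive is not read as a continuation of the preceding paragraph. On the content side, the key-exchange list presents `diffie-hellman-group1-sha1` (a 1024-bit group with SHA-1) and the other SHA-1 variants on equal footing with `curve25519-sha256`; a short note steering readers toward the SHA-2 and Curve25519 options would match the hardening notes elsewhere in this file.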