3.119. RemoteMgmtSSH

Description

Configure a Secure Shell (SSH) Server to enable remote management access to the system.

Properties

Name
Specifies a symbolic name for the SSH server. (Identifier)
Interface
Specifies the source interface for which remote access is granted.
Network
Specifies the source network for which remote access is granted.
Port
The listening port for the SSH server. (Default: 22)
Algorithms
Controls accepted algorithms. (Default: Recommended)
AuthMethodPassword
Allow password client authentication. (Default: Yes)
AuthMethodPublicKey
Allow public key client authentication. (Default: Yes)
AcceptedKeyTypes
Public key types allowed for clients that use public key authentication. Specified in order of preference. (Default: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521)
HostKeyType
Public key types used by this host to authenticate itself to connecting clients. Specified in order of preference. (Default: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512)
KexMethod
Key exchange algorithms allowed. Specified in order of preference. (Default: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512)
Ciphers
Ciphers allowed in order of preference. (Default: aes128-ctr,aes192-ctr,aes256-ctr)
IntegrityAlg
Integrity algorithms allowed and specified in order of preference. (Default: hmac-sha2-256,hmac-sha2-512)
Banner
Specifies the greeting message to display when the user logs in. (Optional)
MaxSessions
The maximum number of clients that can be connected at the same time. (Default: 5)
SessionIdleTime
The number of seconds a user can be idle before the session is closed (0=disable). (Default: 1800)
LoginGraceTime
When the user has supplied the username, the password has to be provided within this number of seconds or the session will be closed. (Default: 30)
AuthenticationRetries
The number of retries allowed before the session is closed. (Default: 3)
AuthSource
Optionally enable authentication from an external source. Note that a Local User Database must ALWAYS be configured to prevent administrative lockout in cases where the external source may not be available. (Default: LocalOnly)
AuthOrder
Specifies if the local database should be queried before or after the external database. (Default: LocalLast)
LocalUserDatabase
Specifies the local user database to use for login.
AccessLevel
Optionally restrict the access level of users authenticated by the local database. (Default: Admin)
RadiusServers
Specifies the authentication servers that will be used to authenticate users matching this rule.
RadiusMethod
Specifies the authentication method used for encrypting the user password. (Default: PAP)
ChallengeExpire
How long, in seconds, before RADIUS challenge expires. (Default: 160)
PrimaryRetryInterval
How many seconds to wait before trying to use the primary server again if it has failed (0=disable). (Default: 0)
AdminGroups
Restricts administration access to specific user groups. (Optional)
AuditGroups
Restricts auditing access to specific user groups. (Optional)
Attribute
Special Attribute of the current object. (Optional)
Comments
Text describing the current object. (Optional)
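
Example (added here, not part of the product documentation): a small audit of one RemoteMgmtSSH object against the defaults and notes listed above. The dict input format, the sample values and the choice to flag password login are assumptions made for illustration; this is not the product's configuration syntax.

```python
# Added example: audits a RemoteMgmtSSH property set against the defaults
# documented on this page. The dict input format is an assumption made for
# illustration; it is not the product's configuration syntax.
DOCUMENTED_DEFAULTS = {
    "AcceptedKeyTypes": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp521",
    "HostKeyType": "ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,"
                   "rsa-sha2-256,rsa-sha2-512",
    "KexMethod": "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
                 "diffie-hellman-group14-sha256,diffie-hellman-group16-sha512",
    "Ciphers": "aes128-ctr,aes192-ctr,aes256-ctr",
    "IntegrityAlg": "hmac-sha2-256,hmac-sha2-512",
}

def audit(props):
    """Return a list of findings for one RemoteMgmtSSH object (dict of strings)."""
    findings = []
    # 1. Any algorithm outside the documented default lists needs justification.
    for name, default in DOCUMENTED_DEFAULTS.items():
        allowed = set(default.split(","))
        configured = [a.strip() for a in props.get(name, default).split(",")]
        extra = [a for a in configured if a and a not in allowed]
        if extra:
            findings.append(f"{name}: outside documented defaults: {','.join(extra)}")
    # 2. Password login is on by default (reviewer policy assumption: flag it).
    if props.get("AuthMethodPassword", "Yes") == "Yes":
        findings.append("AuthMethodPassword: password login enabled")
    # 3. SessionIdleTime=0 disables the idle timeout.
    if int(props.get("SessionIdleTime", "1800")) == 0:
        findings.append("SessionIdleTime: idle timeout disabled")
    # 4. External auth without a local user database risks administrative lockout.
    if props.get("AuthSource", "LocalOnly") != "LocalOnly" \
            and not props.get("LocalUserDatabase"):
        findings.append("LocalUserDatabase: not set while AuthSource is external")
    return findings

# Constructed sample: object name, the aes128-cbc entry and the AuthSource
# placeholder value are invented for this example.
SAMPLE = {
    "Name": "ssh_mgmt_example",
    "Ciphers": "aes256-ctr,aes128-cbc",
    "SessionIdleTime": "0",
    "AuthSource": "EXTERNAL_PLACEHOLDER",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```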