HP FlexFabric 5700 Series Security Configuration Manual page 321

Step
3. Set the minimum update
interval for the RSA server key
pair.
4. Set the SSH user
authentication timeout timer.
5. Set the maximum number of
SSH authentication attempts.
6. Specify an ACL to control SSH
user connections.
7. Set the DSCP value in the
packets that the SSH server
sends to the SSH clients.
8. Configure the SFTP
connection idle timeout timer.
9. Specify the maximum number
of concurrent online SSH
users.
Command
ssh server rekey-interval hours
ssh server authentication-timeout
time-out-value
ssh server authentication-retries
times
•
Control IPv4 SSH user
connections:
ssh server acl acl-number
•
Control IPv6 SSH user
connections:
ssh server ipv6 acl [ ipv6 ]
acl-number
•
Set the DSCP value in IPv4
packets:
ssh server dscp dscp-value
•
Set the DSCP value in IPv6
packets:
ssh server ipv6 dscp dscp-value
sftp server idle-timeout
time-out-value
aaa session-limit ssh max-sessions
309
Remarks
By default, the RSA server key pair
is not updated.
This command takes effect only on
SSH1 users.
This command is not available in
FIPS mode.
The default setting is 60 seconds.
If a user does not finish the
authentication when the timeout
timer expires, the connection
cannot be established.
The default setting is 3.
If a user does not finish the
authentication when the timeout
timer expires, the connection
cannot be established.
By default, no ACLs are specified
and all SSH users can initiate
connections to the server.
The default setting is 48.
The DSCP value of a packet
defines the priority of the packet
and affects the transmission
priority of the packet. A bigger
DSCP value represents a higher
priority.
The default setting is 10 minutes.
When the idle timeout timer
expires, the system automatically
terminates the connection.
The default setting is 32.
When the number of online SSH
users reaches the upper limit, the
system denies new SSH connection
requests.
Changing the upper limit does not
affect online SSH users.