Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

SSH server version 2 support

Designating an interface as the source for all SSH server packets

You can designate a loopback interface, virtual interface, or Ethernet port as the source for all SSH
server packets from the device. The software uses the IP address with the numerically lowest value
configured on the port or interface as the source IP address for SSH server packets originated by
the device.

NOTE

When you specify a single SSH server source, you can use only that source address to establish SSH
server management sessions with the device.

To specify the numerically lowest IP address configured on a loopback interface as the device’s
source for all SSH server packets, enter commands such as the following.

Brocade(config)# int loopback 2

Brocade(config-lbif-2)# ip address 10.0.0.2/24

Brocade(config-lbif-2)# exit

Brocade(config)# ip ssh source-interface loopback 2

The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to
the interface, then designate the interface as the source for all SSH server packets from the device.

Syntax: ip ssh source-interface ethernet slot/port | loopback num | ve num

The num parameter is a loopback interface or virtual interface number. The slot/port parameter
specifies an Ethernet port number.

Example

Brocade(config)# interface ethernet 1/4

Brocade(config-if-e10000-1/4)# ip address 10.157.22.110/24

Brocade(config-if-e10000-1/4)# exit

Brocade(config)# ip ssh source-interface ethernet 1/4

Configuring maximum idle time for SSH server sessions

By default, SSH server sessions do not time out. Optionally, you can set the amount of time an SSH
server session can be inactive before the device closes it. For example, to set the maximum idle
time for SSH server sessions to 30 minutes, enter the following command.

Brocade(config)# ip ssh idle-time 30

Syntax: ip ssh idle-time minutes

If an established SSH server session has no activity for the specified number of minutes, the device
closes it. An idle time of 0 minutes (the default value) means that SSH server sessions never time
out. The maximum idle time for SSH server sessions is 240 minutes.

NOTE

The standard for the idle-timeout RADIUS attribute is for it to be implemented in seconds, as opposed
to the minutes that the device uses. If this attribute is used to set the idle time instead of this
configuration, the value from the idle-timeout RADIUS attribute is converted from seconds to
minutes and truncated to the nearest minute.
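
As an added example (not from the Brocade guide), the Python sketch below audits a saved configuration for the two settings on this page: it resolves the numerically lowest address on the SSH source interface and flags an idle time of 0 or above 240 minutes. The sample configuration is constructed, and its stanza layout and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample; the stanza layout of a saved configuration is an assumption.
SAMPLE_CONFIG = """\
interface loopback 2
 ip address 10.0.0.9/24
 ip address 10.0.0.2/24
!
interface ethernet 1/4
 ip address 10.157.22.110/24
!
ip ssh source-interface loopback 2
ip ssh idle-time 0
"""
IFACE = r"(ethernet|loopback|ve)\s+(\S+)$"

def radius_idle_to_minutes(seconds):
    """RADIUS idle-timeout arrives in seconds; the device keeps whole minutes."""
    return seconds // 60

def audit_ssh(config):
    """Return (source_ip, idle_minutes, findings) for the SSH server settings."""
    addrs, current, source, idle = {}, None, None, 0  # 0 is the default idle time
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"int(?:erface)?\s+" + IFACE, line):
            current = m.groups()
        elif (m := re.match(r"ip address\s+(\S+)$", line)) and current:
            addrs.setdefault(current, []).append(ipaddress.ip_interface(m.group(1)).ip)
        elif m := re.match(r"ip ssh source-interface\s+" + IFACE, line):
            source = m.groups()
        elif m := re.match(r"ip ssh idle-time\s+(\d+)$", line):
            idle = int(m.group(1))
        elif line in ("!", "exit"):
            current = None
    findings, source_ip = [], None
    if source is None:
        findings.append("no ip ssh source-interface configured")
    elif not addrs.get(source):
        findings.append("source interface %s %s has no IP address" % source)
    else:
        source_ip = str(min(addrs[source], key=int))  # numerically lowest address
    if idle == 0:
        findings.append("idle-time 0: SSH sessions never time out")
    elif idle > 240:
        findings.append("idle-time %d exceeds the 240-minute maximum" % idle)
    return source_ip, idle, findings

if __name__ == "__main__":
    print(audit_ssh(SAMPLE_CONFIG))
```

A RADIUS idle-timeout below 60 seconds truncates to 0 minutes, the value this guide defines as never timing out; how the device treats that case is not stated on this page.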