Configuring SSH

This section contains payload examples and corresponding CLIs to demonstrate how to use the NX-API REST API to configure SSH on the Cisco Nexus 3000 and 9000 Series switches. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Enabling the SCP Server

POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmScpServer": {
          "attributes": {
            "adminSt": "enabled"
          }
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <fm-items>
    <scpserver-items>
      <adminSt>enabled</adminSt>
    </scpserver-items>
  </fm-items>
</System>

Enables the scp-server feature.


CLI Command

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

feature scp-server

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
fmEntity      sys/fm
fmScpServer   sys/fm/scpserver


fmScpServer Properties

The following table contains information about the fmScpServer properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                      Description    Values
adminSt         fm:AdminState (scalar:Enum8)   Admin status   SELECTION: 1 - enabled, 2 - disabled; DEFAULT: disabled


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Updating the Cert DN Using the DSA Algorithm

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "aaaUserEp": {
          "children": [
            {
              "aaaUser": {
                "attributes": {
                  "name": "SampleString_123"
                },
                "children": [
                  {
                    "aaaSshCertAuth": {
                      "attributes": {
                        "algorithm": "dsa",
                        "certDn": "SampleString_123"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <user-items>
      <User-list>
        <name>SampleString_123</name>
        <sshcertauth-items>
          <algorithm>dsa</algorithm>
          <certDn>SampleString_123</certDn>
        </sshcertauth-items>
      </User-list>
    </user-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

username SampleString_123 ssh-cert-dn SampleString_123 dsa


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
aaaSshCertAuth   sys/userext/user-{[name]}/sshcertauth
aaaUser          sys/userext/user-{[name]}


aaaSshCertAuth Properties

The following table contains information about the aaaSshCertAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type      Description                                    Values
algorithm       string:Basic   DSA Or RSA Algorithm                           RANGE: [0 , 4]
certDn          string:Basic   Distinguished Name For SSH X.509 Certificate   RANGE: [0 , 512]


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                      Description   Values
name            pol:ObjName (naming:Name256)   Name          RANGE: [1 , 32]; DEFAULT: test


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Cert DN Using the DSA Algorithm

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "aaaUserEp": {
          "children": [
            {
              "aaaUser": {
                "attributes": {
                  "name": "SampleString_123"
                },
                "children": [
                  {
                    "aaaSshCertAuth": {
                      "attributes": {
                        "algorithm": "dsa",
                        "certDn": "deleted"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <user-items>
      <User-list>
        <name>SampleString_123</name>
        <sshcertauth-items nc:operation="delete">
        </sshcertauth-items>
      </User-list>
    </user-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

no username SampleString_123 ssh-cert-dn SampleString_123 dsa


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
aaaSshCertAuth   sys/userext/user-{[name]}/sshcertauth
aaaUser          sys/userext/user-{[name]}


aaaSshCertAuth Properties

The following table contains information about the aaaSshCertAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type      Description                                    Values
algorithm       string:Basic   DSA Or RSA Algorithm                           RANGE: [0 , 4]
certDn          string:Basic   Distinguished Name For SSH X.509 Certificate   RANGE: [0 , 512]


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                      Description   Values
name            pol:ObjName (naming:Name256)   Name          RANGE: [1 , 32]; DEFAULT: test


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Updating the Cert DN Using the RSA Algorithm

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "aaaUserEp": {
          "children": [
            {
              "aaaUser": {
                "attributes": {
                  "name": "SampleString_123"
                },
                "children": [
                  {
                    "aaaSshCertAuth": {
                      "attributes": {
                        "algorithm": "rsa",
                        "certDn": "SampleString_123"

                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <user-items>
      <User-list>
        <name>SampleString_123</name>
        <sshcertauth-items>
          <algorithm>rsa</algorithm>
          <certDn>SampleString_123</certDn>
        </sshcertauth-items>
      </User-list>
    </user-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

username SampleString_123 ssh-cert-dn SampleString_123 rsa


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
aaaSshCertAuth   sys/userext/user-{[name]}/sshcertauth
aaaUser          sys/userext/user-{[name]}


aaaSshCertAuth Properties

The following table contains information about the aaaSshCertAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type      Description                                    Values
algorithm       string:Basic   DSA Or RSA Algorithm                           RANGE: [0 , 4]
certDn          string:Basic   Distinguished Name For SSH X.509 Certificate   RANGE: [0 , 512]


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                      Description   Values
name            pol:ObjName (naming:Name256)   Name          RANGE: [1 , 32]; DEFAULT: test


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Cert DN Using the RSA Algorithm

POST http://<mgmt0_IP>/api/mo/sys.json

{
  "topSystem": {
    "children": [
      {
        "aaaUserEp": {
          "children": [
            {
              "aaaUser": {
                "attributes": {
                  "name": "SampleString_123"
                },
                "children": [
                  {
                    "aaaSshCertAuth": {
                      "attributes": {
                        "status": "deleted"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <user-items>
      <User-list>
        <name>SampleString_123</name>
        <sshcertauth-items nc:operation="delete">
        </sshcertauth-items>
      </User-list>
    </user-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

no username SampleString_123 ssh-cert-dn SampleString_123 rsa


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
aaaSshCertAuth   sys/userext/user-{[name]}/sshcertauth
aaaUser          sys/userext/user-{[name]}


aaaSshCertAuth Properties

The following table contains information about the aaaSshCertAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                                  Description           Values
status          mo:ModificationStatus (scalar:Bitmask32)   Modification status   SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                      Description   Values
name            pol:ObjName (naming:Name256)   Name          RANGE: [1 , 32]; DEFAULT: test


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "commEntity": {
          "children": [
            {
              "commSsh": {
                "children": [
                  {
                    "commSshSession": {
                      "attributes": {
                        "idleTimeout": "11",
                        "keepAliveCount": "3"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <sshsession-items>
        <idleTimeout>11</idleTimeout>
        <keepAliveCount>3</keepAliveCount>
      </sshsession-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

ssh idle-timeout 11 keepalive-count 3


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
commSshSession   sys/comm/ssh/sshsession


commSshSession Properties

The following table contains information about the commSshSession properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name    Data Type       Description                                           Values
idleTimeout      scalar:Uint32   Idle Timeout value in Seconds                         RANGE: [0 , 120]; DEFAULT: 0
keepAliveCount   scalar:Uint32   Count of KeepAlive packets to be sent to SSH Client   RANGE: [0 , 5]; DEFAULT: 0
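
The following is an added example, not Cisco's code: it builds the DME payloads for the SSH certificate DN and the SSH session timeout with the class nesting shown above, and rejects values outside the ranges in the property tables before anything is posted. The function names and the allow_dsa parameter are hypothetical.

```python
"""Build range-checked NX-API DME payloads for SSH cert DN and session timeout."""
import json


def build_payload(path):
    """Nest MOs from root to leaf.

    path: [(class_name, attributes_or_None), ...], e.g. topSystem first and the
    configured MO last. Each level becomes the single child of the one above.
    """
    node = None
    for cls, attrs in reversed(path):
        body = {}
        if attrs:
            body["attributes"] = dict(attrs)
        if node is not None:
            body["children"] = [node]
        node = {cls: body}
    return node


def _check_int(name, value, low, high):
    """Reject non-integers and values outside [low, high]."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{name} must be an integer")
    if not low <= value <= high:
        raise ValueError(f"{name}={value} outside [{low}, {high}]")


def ssh_session_payload(idle_timeout, keepalive_count):
    """Payload for commSshSession; ranges from the commSshSession table."""
    _check_int("idleTimeout", idle_timeout, 0, 120)
    _check_int("keepAliveCount", keepalive_count, 0, 5)
    return build_payload([
        ("topSystem", None),
        ("commEntity", None),
        ("commSsh", None),
        ("commSshSession", {"idleTimeout": str(idle_timeout),
                            "keepAliveCount": str(keepalive_count)}),
    ])


def ssh_cert_dn_payload(user, cert_dn, algorithm, allow_dsa=False):
    """Payload for aaaSshCertAuth under one aaaUser.

    allow_dsa is a hypothetical guard added for this example: DSA is accepted
    by the model, but the caller has to opt in to it explicitly.
    """
    if algorithm not in ("dsa", "rsa"):
        raise ValueError("algorithm must be 'dsa' or 'rsa'")
    if algorithm == "dsa" and not allow_dsa:
        raise ValueError("dsa requested without allow_dsa=True")
    if not 1 <= len(user) <= 32:          # aaaUser name RANGE: [1 , 32]
        raise ValueError("user name length outside [1, 32]")
    if len(cert_dn) > 512:                # certDn RANGE: [0 , 512]
        raise ValueError("certDn longer than 512 characters")
    return build_payload([
        ("topSystem", None),
        ("aaaUserEp", None),
        ("aaaUser", {"name": user}),
        ("aaaSshCertAuth", {"algorithm": algorithm, "certDn": cert_dn}),
    ])


if __name__ == "__main__":
    # Same values as the idle-timeout example above; POST body for /api/mo/sys.json.
    print(json.dumps(ssh_session_payload(11, 3), indent=2))
```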


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "commEntity": {
          "children": [
            {
              "commSsh": {
                "children": [
                  {
                    "commSshSession": {
                      "attributes": {
                        "idleTimeout": "0",
                        "keepAliveCount": "0"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <sshsession-items>
        <idleTimeout>0</idleTimeout>
        <keepAliveCount>0</keepAliveCount>
      </sshsession-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

no ssh idle-timeout 11 keepalive-count 3


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO               DN
commSshSession   sys/comm/ssh/sshsession


commSshSession Properties

The following table contains information about the commSshSession properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name    Data Type       Description                                           Values
idleTimeout      scalar:Uint32   Idle Timeout value in Seconds                         RANGE: [0 , 120]; DEFAULT: 0
keepAliveCount   scalar:Uint32   Count of KeepAlive packets to be sent to SSH Client   RANGE: [0 , 5]; DEFAULT: 0


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Max Data and Time

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "commEntity": {
          "children": [
            {
              "commSsh": {
                "children": [
                  {
                    "commRekey": {
                      "attributes": {
                        "maxData": "1G",
                        "maxTime": "1M"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <rekey-items>
        <maxData>1G</maxData>
        <maxTime>1M</maxTime>
      </rekey-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

ssh rekey max-data 1G max-time 1M


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
commRekey   sys/comm/ssh/rekey


commRekey Properties

The following table contains information about the commRekey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                           Description    Values
maxData         comm:RekeyDataType (string:Basic)   SSH max-data   DEFAULT: 0; MAX SIZE: 7
maxTime         comm:RekeyDataType (string:Basic)   SSH max-time   DEFAULT: 0; MAX SIZE: 7


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Max Data and Time

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "commEntity": {
          "children": [
            {
              "commSsh": {
                "children": [
                  {
                    "commRekey": {
                      "attributes": {
                        "status": "deleted"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <rekey-items nc:operation="delete">
      </rekey-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

no ssh rekey max-data 1G max-time 1M


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
commRekey   sys/comm/ssh/rekey


commRekey Properties

The following table contains information about the commRekey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                                  Description           Values
status          mo:ModificationStatus (scalar:Bitmask32)   Modification status   SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Enabling Weak Ciphers for SSH

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "enWeakCiphers": "yes"
          }
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <enWeakCiphers>yes</enWeakCiphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

ssh cipher-mode weak


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO           DN
commEntity   sys/comm
commSsh      sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                    Description                      Values
enWeakCiphers   aaa:Boolean (scalar:Enum8)   Enable or Disable weak Ciphers   SELECTION: 0 - no, 1 - yes; DEFAULT: no


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Enabling Weak Ciphers for SSH

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "enWeakCiphers": "no"
          }
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <comm-items>
    <ssh-items>
      <enWeakCiphers>no</enWeakCiphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

no ssh cipher-mode weak


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO           DN
commEntity   sys/comm
commSsh      sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                    Description                      Values
enWeakCiphers   aaa:Boolean (scalar:Enum8)   Enable or Disable weak Ciphers   SELECTION: 0 - no, 1 - yes; DEFAULT: no


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the HTTPS Key File

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "nxapiInst": {
          "attributes": {
            "encrKeyPassphrase": "SampleString_123",
            "keyFile": "bootflash:/KeyFile_123"
          }
        }
      }
    ]
  }
}

Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <nxapi-items>
    <encrKeyPassphrase>SampleString_123</encrKeyPassphrase>
    <keyFile>bootflash:/KeyFile_123</keyFile>
  </nxapi-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples above: the DME payload is the JSON example and the YANG payload is the XML example.

nxapi certificate httpskey keyfile KeyFile_123 password SampleString_123


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
nxapiInst   sys/nxapi
topSystem   sys


nxapiInst Properties

The following table contains information about the nxapiInst properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name       Data Type                            Description                                               Values
encrKeyPassphrase   nxapi:keyPassphrase (string:Basic)   Passphrase to decrypt the encrypted key file for NX-API   RANGE: [4, 1024]
keyFile             os:OsString (naming:Name)            Key file for NX-API                                       RANGE: [0 , 256]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Forcing DSA Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "keyLen": "1024",
            "type": "dsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list>
          <type>dsa</type>
          <keyLen>1024</keyLen>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh key dsa force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-dsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]. DEFAULT: 1024 |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the DSA Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "status": "deleted",
            "type": "dsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list nc:operation="delete">
          <type>dsa</type>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh key dsa force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-dsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| status | mo:ModificationStatus (scalar:Bitmask32) | Modification status | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ECDSA Keys and Forcing the Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "keyLen": "454",
            "type": "ecdsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list>
          <type>ecdsa</type>
          <keyLen>454</keyLen>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh key ecdsa 454 force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-ecdsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]. DEFAULT: 1024 |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting ECDSA Keys and Forcing the Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "status": "deleted",
            "type": "ecdsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list nc:operation="delete">
          <type>ecdsa</type>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh key ecdsa 454 force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-ecdsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| status | mo:ModificationStatus (scalar:Bitmask32) | Modification status | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring RSA Keys and Forcing the Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "keyLen": "1162",
            "type": "rsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list>
          <type>rsa</type>
          <keyLen>1162</keyLen>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh key rsa 1162 force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-rsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]. DEFAULT: 1024 |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting RSA Keys and Forcing the Key Generation

POST http://<mgmt0_IP>/api/mo/sys/comm/ssh.json
{
  "commSsh": {
    "children": [
      {
        "commSshKey": {
          "attributes": {
            "status": "deleted",
            "type": "rsa"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <key-items>
        <SshKey-list nc:operation="delete">
          <type>rsa</type>
        </SshKey-list>
      </key-items>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh key rsa 1162 force


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |
| commSshKey | sys/comm/ssh/key-rsa |


commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| status | mo:ModificationStatus (scalar:Bitmask32) | Modification status | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
| type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa. DEFAULT: rsa |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Key Exchange Methods to Generate Per-Connection Keys

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "keyExchangeAlgorithms": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <keyExchangeAlgorithms>yes</keyExchangeAlgorithms>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh kexalgos all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyExchangeAlgorithms | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Key Exchange methods | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Key Exchange Methods to Generate Per-Connection Keys

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "keyExchangeAlgorithms": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <keyExchangeAlgorithms>no</keyExchangeAlgorithms>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh kexalgos all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyExchangeAlgorithms | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Key Exchange methods | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Ciphers to Encrypt the Connection

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "ciphers": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <ciphers>yes</ciphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh ciphers all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ciphers | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Ciphers | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Ciphers to Encrypt the Connection

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "ciphers": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <ciphers>no</ciphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh ciphers all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ciphers | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Ciphers | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Message Authentication Codes to Detect Traffic Modification

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "messageAuthCodes": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <messageAuthCodes>yes</messageAuthCodes>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh macs all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| messageAuthCodes | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Message Authentication Codes | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Message Authentication Codes to Detect Traffic Modification

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "messageAuthCodes": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <messageAuthCodes>no</messageAuthCodes>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

no ssh macs all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| messageAuthCodes | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Message Authentication Codes | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring SSH Algorithm

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commSsh": {
    "attributes": {
      "ciphers": "yes",
      "keyExchangeAlgorithms": "yes",
      "keyTypes": "yes",
      "messageAuthCodes": "yes"
    },
    "children": [
      {
        "commSshkexAlgos": {
          "attributes": {
            "algo": "ecdh-sha2-nistp256",
            "permit": "yes"
          }
        }
      },
      {
        "commSshkeytypes": {
          "attributes": {
            "algo": "ecdsa-sha2-nistp521",
            "permit": "yes"
          }
        }
      },
      {
        "commSshCiphers": {
          "attributes": {
            "algo": "aes256-gcm@openssh.com",
            "permit": "yes"
          }
        }
      },
      {
        "commSshMacs": {
          "attributes": {
            "algo": "hmac-sha2-512-etm@openssh.com",
            "permit": "yes"
          }
        }
      }
    ]
  }
}
{
    imdata:[]
}

Note: This example was added in Release 10.4(2).


CLI Commands

The CLI commands below are equivalent to the payload example above (the DME payload, in JSON).

  • ssh kexalgos [all | key-exchangealgorithm-name]
  • ssh macs [ all | macname]
  • ssh ciphers [ all | cipher-name]
  • ssh keytypes [all | keytype-string]


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| messageAuthCodes | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Message Authentication Codes | SELECTION: 0 - no, 1 - yes. DEFAULT: no |
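
The verification step described above, as an added example that is not part of the Cisco documentation: it audits the body returned by a GET on sys/comm/ssh against a local policy, covering both the commSshKey entries and the commSsh algorithm settings from the earlier sections. The response is constructed, and the policy values (MIN_RSA_LEN, ALLOWED), the finding codes, the https default and the assumption that the GET returns the child MOs are this example's own.

```python
import json

# Policy values below are assumptions of this example, not taken from the page.
MIN_RSA_LEN = 2048  # compared with keyLen as given, the number `ssh key rsa <n>` takes
# Allow-list seeded with the algorithm names used in the page's payload example.
ALLOWED = {
    "commSshkexAlgos": {"ecdh-sha2-nistp256"},
    "commSshkeytypes": {"ecdsa-sha2-nistp521"},
    "commSshCiphers": {"aes256-gcm@openssh.com"},
    "commSshMacs": {"hmac-sha2-512-etm@openssh.com"},
}
# commSsh boolean properties and the CLI form the page pairs with each.
ALL_TOGGLES = {
    "ciphers": "ssh ciphers all",
    "keyExchangeAlgorithms": "ssh kexalgos all",
    "messageAuthCodes": "ssh macs all",
    "keyTypes": "ssh keytypes all",
}

# Constructed response, shaped like a DME GET on sys/comm/ssh with its
# child MOs included; not captured from a device.
SAMPLE = json.loads("""
{"totalCount": "1", "imdata": [{"commSsh": {
  "attributes": {"dn": "sys/comm/ssh", "ciphers": "yes",
                 "keyExchangeAlgorithms": "no", "keyTypes": "no",
                 "messageAuthCodes": "no"},
  "children": [
    {"commSshKey": {"attributes": {"type": "dsa", "keyLen": "1024"}}},
    {"commSshKey": {"attributes": {"type": "rsa", "keyLen": "1162"}}},
    {"commSshKey": {"attributes": {"type": "ecdsa", "keyLen": "521"}}},
    {"commSshCiphers": {"attributes": {"algo": "aes256-gcm@openssh.com", "permit": "yes"}}},
    {"commSshCiphers": {"attributes": {"algo": "aes128-cbc", "permit": "yes"}}}
  ]}}]}
""")


def dn_url(host, dn, scheme="https"):
    """Build the GET URL for a DN, following the page's /api/mo/<DN>.json form."""
    return f"{scheme}://{host}/api/mo/{dn}.json"


def iter_mos(node):
    """Yield (class_name, attributes) for an MO dict and all of its descendants."""
    for cls, body in node.items():
        yield cls, body.get("attributes", {})
        for child in body.get("children", []):
            yield from iter_mos(child)


def audit_ssh(response):
    """Return (code, detail) findings for a parsed GET response on sys/comm/ssh."""
    findings = []
    for top in response.get("imdata", []):
        for cls, attrs in iter_mos(top):
            if cls == "commSsh":
                # "yes" turns on every algorithm of that class at once.
                for prop, cli in ALL_TOGGLES.items():
                    if attrs.get(prop) == "yes":
                        findings.append(("ALL_ALGOS", f"{prop}=yes ({cli})"))
            elif cls == "commSshKey":
                # Fall back to the defaults listed in the commSshKey table.
                key_type = attrs.get("type", "rsa")
                key_len = int(attrs.get("keyLen", "1024"))
                if key_type == "dsa":
                    findings.append(("DSA_KEY", f"dsa host key, keyLen={key_len}"))
                elif key_type == "rsa" and key_len < MIN_RSA_LEN:
                    findings.append(("SHORT_RSA", f"rsa keyLen={key_len} < {MIN_RSA_LEN}"))
            elif cls in ALLOWED and attrs.get("permit") == "yes":
                if attrs.get("algo") not in ALLOWED[cls]:
                    findings.append(("UNLISTED_ALGO", f"{cls}: {attrs.get('algo')}"))
    return findings


if __name__ == "__main__":
    print("GET", dn_url("<mgmt0_IP>", "sys/comm/ssh"))
    for code, detail in audit_ssh(SAMPLE):
        print(f"{code:14} {detail}")
```
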


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "keyTypes": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <keyTypes>yes</keyTypes>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the payload examples above: the DME payload is the JSON block and the YANG payload is the XML block.

ssh keytypes all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| commEntity | sys/comm |
| commSsh | sys/comm/ssh |


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| keyTypes | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Public Key Algorithms | SELECTION: 0 - no, 1 - yes. DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "keyTypes": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <keyTypes>no</keyTypes>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

no ssh keytypes all


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
keyTypes | aaa:Boolean (scalar:Enum8) | Enable Or Disable All Public Key Algorithms | SELECTION: 0 - no, 1 - yes; DEFAULT: no


Enabling Weak Ciphers

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "enWeakCiphers": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <enWeakCiphers>yes</enWeakCiphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

ssh cipher-mode weak


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
enWeakCiphers | aaa:Boolean (scalar:Enum8) | Enable or Disable weak Ciphers | SELECTION: 0 - no, 1 - yes; DEFAULT: no


Disabling Weak Ciphers

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "enWeakCiphers": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <enWeakCiphers>no</enWeakCiphers>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

no ssh cipher-mode weak


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
enWeakCiphers | aaa:Boolean (scalar:Enum8) | Enable or Disable weak Ciphers | SELECTION: 0 - no, 1 - yes; DEFAULT: no


Configuring the Maximum Login Attempts From SSH

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "loginAttempts": "7"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <loginAttempts>7</loginAttempts>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

ssh login-attempts 7


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
loginAttempts | scalar:Uint32 | Max number of login attempts allowed before SSH session is reset | RANGE: [1, 10]; DEFAULT: 3


Deleting the Maximum Login Attempts From SSH

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "loginAttempts": "3"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <loginAttempts>3</loginAttempts>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

no ssh login-attempts 7


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
loginAttempts | scalar:Uint32 | Max number of login attempts allowed before SSH session is reset | RANGE: [1, 10]; DEFAULT: 3


Configuring Login Gracetime for SSH Connection

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "loginGraceTime": "1"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <loginGraceTime>1</loginGraceTime>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

ssh login-gracetime 1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
loginGraceTime | scalar:Uint32 | Maximum grace time of SSH login | RANGE: [0, 3600]; DEFAULT: 120


Deleting Login Gracetime for SSH Connection

POST http://<mgmt0_IP>/api/mo/sys/comm.json
{
  "commEntity": {
    "children": [
      {
        "commSsh": {
          "attributes": {
            "loginGraceTime": "120"
}}}]}}
{
    imdata:[]
}
<System>
  <comm-items>
    <ssh-items>
      <loginGraceTime>120</loginGraceTime>
    </ssh-items>
  </comm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

no ssh login-gracetime 1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
commEntity | sys/comm
commSsh | sys/comm/ssh


commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
loginGraceTime | scalar:Uint32 | Maximum grace time of SSH login | RANGE: [0, 3600]; DEFAULT: 120
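
Added example (not Cisco's code): an offline Python check that follows the verification step above by reading the commSsh object back and comparing it with a desired state, then building a POST body for only the attributes that differ. The GET response shape, the sample response and the baseline (the defaults documented on this page) are assumptions; attribute names and ranges come from the property tables.

```python
"""Offline audit of a commSsh GET response against a desired SSH baseline."""
import json

# Value constraints copied from the commSsh property tables on this page.
BOOL_ATTRS = {"keyTypes", "enWeakCiphers"}      # SELECTION: no / yes
RANGE_ATTRS = {"loginAttempts": (1, 10),        # DEFAULT: 3
               "loginGraceTime": (0, 3600)}     # DEFAULT: 120

# Assumed baseline for illustration: the documented defaults.
BASELINE = {"keyTypes": "no", "enWeakCiphers": "no",
            "loginAttempts": "3", "loginGraceTime": "120"}


def validate(attrs):
    """Raise ValueError if a value falls outside what the model accepts."""
    for name, value in attrs.items():
        if name in BOOL_ATTRS:
            if value not in ("yes", "no"):
                raise ValueError(f"{name}: expected yes/no, got {value!r}")
        elif name in RANGE_ATTRS:
            low, high = RANGE_ATTRS[name]
            text = str(value)
            if not text.isdecimal() or not low <= int(text) <= high:
                raise ValueError(f"{name}: {value!r} outside [{low}, {high}]")
        else:
            raise ValueError(f"{name}: not a commSsh attribute covered here")
    return attrs


def build_payload(attrs):
    """Wrap attributes in the commEntity/commSsh body POSTed to sys/comm.json."""
    return {"commEntity": {"children": [
        {"commSsh": {"attributes": validate(dict(attrs))}}]}}


def read_comm_ssh(get_response):
    """Extract commSsh attributes from a GET of the sys/comm/ssh DN."""
    for entry in get_response.get("imdata", []):
        if "commSsh" in entry:
            return entry["commSsh"]["attributes"]
    raise LookupError("no commSsh object in response")


def drift(get_response, baseline=BASELINE):
    """Return {attr: (actual, wanted)} for every attribute off baseline."""
    actual = read_comm_ssh(get_response)
    validate(dict(baseline))
    return {name: (actual.get(name), wanted)
            for name, wanted in baseline.items()
            if actual.get(name) != wanted}


def remediation(get_response, baseline=BASELINE):
    """Build a POST body that resets only the drifted attributes, or None."""
    changed = drift(get_response, baseline)
    if not changed:
        return None
    return build_payload({name: wanted
                          for name, (_, wanted) in changed.items()})


# Constructed sample of a GET response (assumed shape, not device output).
SAMPLE_GET = json.loads("""
{"totalCount": "1", "imdata": [{"commSsh": {"attributes": {
  "dn": "sys/comm/ssh", "keyTypes": "no", "enWeakCiphers": "yes",
  "loginAttempts": "7", "loginGraceTime": "120"}}}]}
""")

if __name__ == "__main__":
    for name, (actual, wanted) in drift(SAMPLE_GET).items():
        print(f"{name}: device has {actual}, baseline wants {wanted}")
    print(json.dumps(remediation(SAMPLE_GET), indent=2))
```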


Generating Keypair with ECDSA

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaUser": {
          "attributes": {
            "name": "sample_user"
          },
          "children": [
            {
              "aaaUserSshKey": {
                "attributes": {
                  "keyLen": "384",
                  "type": "ecdsa"
}}}]}}]}}

{
    imdata:[]
}
<System>
  <user-items>
    <User-list>
      <name>sample_user</name>
      <userkey-items>
        <UserSshKey-list>
          <type>ecdsa</type>
          <keyLen>384</keyLen>
        </UserSshKey-list>
      </userkey-items>
    </User-list>
  </user-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

username sample_user keypair generate ecdsa 384


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaUserEp | sys/userext
aaaUser | sys/userext/user-[sample_user]
aaaUserSshKey | sys/userext/user-[sample_user]/userkey-ecdsa


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64


aaaUserSshKey Properties

The following table contains information about the aaaUserSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]; DEFAULT: 1024
type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa; DEFAULT: rsa


Generating Keypair with RSA

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaUser": {
          "attributes": {
            "name": "sample_user"
          },
          "children": [
            {
              "aaaUserSshKey": {
                "attributes": {
                  "keyLen": "1234",
                  "type": "rsa"
}}}]}}]}}
{
    imdata:[]
}
<System>
  <user-items>
    <User-list>
      <name>sample_user</name>
      <userkey-items>
        <UserSshKey-list>
          <type>rsa</type>
          <keyLen>1234</keyLen>
        </UserSshKey-list>
      </userkey-items>
    </User-list>
  </user-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

username sample_user keypair generate rsa 1234


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaUserEp | sys/userext
aaaUser | sys/userext/user-{[name]}
aaaUserSshKey | sys/userext/user-{[name]}/userkey-{type}


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64


aaaUserSshKey Properties

The following table contains information about the aaaUserSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]; DEFAULT: 1024
type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa; DEFAULT: rsa


Generating Keypair with DSA

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaUser": {
          "attributes": {
            "name": "sample_user"
          },
          "children": [
            {
              "aaaUserSshKey": {
                "attributes": {
                  "keyLen": "1024",
                  "type": "dsa"
}}}]}}]}}
{
    imdata:[]
}
<System>
  <user-items>
    <User-list>
      <name>sample_user</name>
      <userkey-items>
        <UserSshKey-list>
          <type>dsa</type>
          <keyLen>1024</keyLen>
        </UserSshKey-list>
      </userkey-items>
    </User-list>
  </user-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

username sample_user keypair generate dsa 1024


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaUserEp | sys/userext
aaaUser | sys/userext/user-{[name]}
aaaUserSshKey | sys/userext/user-{[name]}/userkey-{type}


aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64


aaaUserSshKey Properties

The following table contains information about the aaaUserSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
keyLen | scalar:Uint32 | Length of the key in bytes | RANGE: [0, 4096]; DEFAULT: 1024
type | comm:SshKeyType (scalar:Enum8) | SSH server key type | SELECTION: 1 - rsa, 2 - dsa, 3 - ecdsa; DEFAULT: rsa


Enabling SFTP Server

POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmSftpServer": {
          "attributes": {
            "adminSt": "enabled"
}}}]}}
{
    imdata:[]
}
<System>
  <fm-items>
    <sftpserver-items>
      <adminSt>enabled</adminSt>
    </sftpserver-items>
  </fm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

feature sftp-server


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
fmEntity | sys/fm
fmSftpServer | sys/fm/sftpserver


fmSftpServer Properties

The following table contains information about the fmSftpServer properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
adminSt | fm:AdminState (scalar:Enum8) | Admin status | SELECTION: 1 - enabled, 2 - disabled; DEFAULT: disabled


Disabling SFTP Server

POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmSftpServer": {
          "attributes": {
            "adminSt": "disabled"
}}}]}}
{
    imdata:[]
}
<System>
  <fm-items>
    <sftpserver-items>
      <adminSt>disabled</adminSt>
    </sftpserver-items>
  </fm-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload; the XML body is the YANG payload.

no feature sftp-server


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
fmEntity | sys/fm
fmSftpServer | sys/fm/sftpserver


fmSftpServer Properties

The following table contains information about the fmSftpServer properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
adminSt | fm:AdminState (scalar:Enum8) | Admin status | SELECTION: 1 - enabled, 2 - disabled; DEFAULT: disabled


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html