Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.5(x)

Latest

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Enabling the SCP Server

DME

YANG

Copy
POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmScpServer": {
          "attributes": {
            "adminSt": "enabled"
}}}]}}
Response
{
    imdata:[]
}

Copy
<System>
  <fm-items>
    <scpserver-items>
      <adminSt>enabled</adminSt>
    </scpserver-items>
  </fm-items>
</System>

Configuring SSH

This section contains payload examples and corresponding CLIs to demonstrate how to use the NX-API REST API to configure SSH on the Cisco Nexus 3000 and 9000 Series switches. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Enabling the SCP Server

Enables the scp-server feature.

CLI Command

The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

feature scp-server

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
fmEntity	sys/fm
fmScpServer	sys/fm/scpserver

fmScpServer Properties

The following table contains information about the fmScpServer properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
adminSt	fm:AdminState (scalar:Enum8)	Admin status	SELECTION: 1 - enabled 2 - disabled DEFAULT: disabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Updating the Cert DN Using the DSA Algorithm

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

username SampleString_123 ssh-cert-dn SampleString_123 dsa

MO	DN
aaaSshCertAuth	sys/userext/user-{[name]}/sshcertauth
aaaUser	sys/userext/user-{[name]}

aaaSshCertAuth Properties

The following table contains information about the aaaSshCertAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
algorithm	string:Basic	DSA Or RSA Algorithm	RANGE: [0 , 4]
certDn	string:Basic	Distinguished Name For SSH X.509 Certificate	RANGE: [0 , 512]

aaaUser Properties

The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Cert DN Using the DSA Algorithm

Note: This example was added in Release 9.3(1).

CLI Commands

no username SampleString_123 ssh-cert-dn SampleString_123 dsa

MO	DN
aaaSshCertAuth	sys/userext/user-{[name]}/sshcertauth
aaaUser	sys/userext/user-{[name]}

aaaSshCertAuth Properties

Property Name	Data Type	Description	Values
algorithm	string:Basic	DSA Or RSA Algorithm	RANGE: [0 , 4]
certDn	string:Basic	Distinguished Name For SSH X.509 Certificate	RANGE: [0 , 512]

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Updating the Cert DN Using the RSA Algorithm

Note: This example was added in Release 9.3(1).

CLI Commands

username SampleString_123 ssh-cert-dn SampleString_123 rsa

MO	DN
aaaSshCertAuth	sys/userext/user-{[name]}/sshcertauth
aaaUser	sys/userext/user-{[name]}

aaaSshCertAuth Properties

Property Name	Data Type	Description	Values
algorithm	string:Basic	DSA Or RSA Algorithm	RANGE: [0 , 4]
certDn	string:Basic	Distinguished Name For SSH X.509 Certificate	RANGE: [0 , 512]

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Cert DN Using the RSA Algorithm

Note: This example was added in Release 9.3(1).

CLI Commands

no username SampleString_123 ssh-cert-dn SampleString_123 rsa

MO	DN
aaaSshCertAuth	sys/userext/user-{[name]}/sshcertauth
aaaUser	sys/userext/user-{[name]}

aaaSshCertAuth Properties

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	Modification status	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

Note: This example was added in Release 9.3(1).

CLI Commands

ssh idle-timeout 11 keepalive-count 3

MO	DN
commSshSession	sys/comm/ssh/sshsession

commSshSession Properties

The following table contains information about the commSshSession properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
idleTimeout	scalar:Uint32	Idle Timeout value in Seconds	RANGE: [0 , 120] DEFAULT: 0
keepAliveCount	scalar:Uint32	Count of KeepAlive packets to be sent to SSH Client	RANGE: [0 , 5] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh idle-timeout 11 keepalive-count 3

MO	DN
commSshSession	sys/comm/ssh/sshsession

commSshSession Properties

Property Name	Data Type	Description	Values
idleTimeout	scalar:Uint32	Idle Timeout value in Seconds	RANGE: [0 , 120] DEFAULT: 0
keepAliveCount	scalar:Uint32	Count of KeepAlive packets to be sent to SSH Client	RANGE: [0 , 5] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Max Data and Time

Note: This example was added in Release 9.3(1).

CLI Commands

ssh rekey max-data 1G max-time 1M

MO	DN
commRekey	sys/comm/ssh/rekey

commRekey Properties

The following table contains information about the commRekey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
maxData	comm:RekeyDataType (string:Basic)	SSH max-data	DEFAULT: 0\nMAX SIZE: 7
maxTime	comm:RekeyDataType (string:Basic)	SSH max-time	DEFAULT: 0\nMAX SIZE: 7

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Max Data and Time

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh rekey max-data 1G max-time 1M

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

MO	DN
commRekey	sys/comm/ssh/rekey

commRekey Properties

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	Modification status	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Enabling Weak Ciphers for SSH

Note: This example was added in Release 9.3(1).

CLI Commands

ssh cipher-mode weak

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

The following table contains information about the commSsh properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enWeakCiphers	aaa:Boolean (scalar:Enum8)	Enable or Disable weak Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Enabling Weak Ciphers for SSH

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh cipher-mode weak

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
enWeakCiphers	aaa:Boolean (scalar:Enum8)	Enable or Disable weak Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the HTTPS Key File

Note: This example was added in Release 9.3(1).

CLI Commands

nxapi certificate httpskey keyfile KeyFile_123 password SampleString_123

MO	DN
nxapiInst	sys/nxapi
topSystem	sys

nxapiInst Properties

The following table contains information about the nxapiInst properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
encrKeyPassphrase	nxapi:keyPassphrase (string:Basic)	Passphrase to decrypt the encrypted key file for NX-API	RANGE: [4, 1024]
keyFile	os:OsString (naming:Name)	Key file for NX-API	RANGE: [0 , 256]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Forcing DSA Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

ssh key dsa force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-dsa

commSshKey Properties

The following table contains information about the commSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the DSA Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh key dsa force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-dsa

commSshKey Properties

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	Modification status	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ECDSA Keys and Forcing the Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

ssh key ecdsa 454 force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-ecdsa

commSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting ECDSA Keys and Forcing the Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh key ecdsa 454 force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-ecdsa

commSshKey Properties

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	Modification status	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring RSA Keys and Forcing the Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

ssh key rsa 1162 force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-rsa

commSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting RSA Keys and Forcing the Key Generation

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh key rsa 1162 force

MO	DN
commSsh	sys/comm/ssh
commSshKey	sys/comm/ssh/key-rsa

commSshKey Properties

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	Modification status	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Key Exchange Methods to Generate Per-Connection Keys

Note: This example was added in Release 9.3(1).

CLI Commands

ssh kexalgos all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
keyExchangeAlgorithms	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Key Exchange methods	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Key Exchange Methods to Generate Per-Connection Keys

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh kexalgos all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
keyExchangeAlgorithms	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Key Exchange methods	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Ciphers to Encrypt the Connection

Note: This example was added in Release 9.3(1).

CLI Commands

ssh ciphers all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
ciphers	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Ciphers to Encrypt the Connection

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh ciphers all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
ciphers	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Message Authentication Codes to Detect Traffic Modification

Note: This example was added in Release 9.3(1).

CLI Commands

ssh macs all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
messageAuthCodes	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Message Authentication Codes	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Message Authentication Codes to Detect Traffic Modification

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh macs all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
messageAuthCodes	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Message Authentication Codes	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring SSH Algorithm

Note: This example was added in Release 10.4(2).

CLI Commands

ssh kexalgos [all | key-exchangealgorithm-name]
ssh macs [ all | macname]
ssh ciphers [ all | cipher-name]
ssh keytypes [all | keytype-string]

MO	DN
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
messageAuthCodes	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Message Authentication Codes	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

Note: This example was added in Release 9.3(1).

CLI Commands

ssh keytypes all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
keyTypes	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Public Key Algorithms	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

Note: This example was added in Release 9.3(1).

CLI Commands

no ssh keytypes all

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
keyTypes	aaa:Boolean (scalar:Enum8)	Enable Or Disable All Public Key Algorithms	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling Weak Ciphers

Note: This example was added in Release 9.3(3).

CLI Commands

ssh cipher-mode weak

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
enWeakCiphers	aaa:Boolean (scalar:Enum8)	Enable or Disable weak Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling Weak Ciphers

Note: This example was added in Release 9.3(3).

CLI Commands

no ssh cipher-mode weak

Verifying a DME Configuration

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
enWeakCiphers	aaa:Boolean (scalar:Enum8)	Enable or Disable weak Ciphers	SELECTION: 0 - no 1 - yes DEFAULT: no

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Note: This example was added in Release 9.3(3).

CLI Commands

ssh login-attempts 7

Verifying a DME Configuration

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
loginAttempts	scalar:Uint32	Max number of login attempts allowed before SSH session is reset	RANGE: [1 , 10] DEFAULT: 3

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Note: This example was added in Release 9.3(3).

CLI Commands

no ssh login-attempts 7

Verifying a DME Configuration

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
loginAttempts	scalar:Uint32	Max number of login attempts allowed before SSH session is reset	RANGE: [1 , 10] DEFAULT: 3

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Note: This example was added in Release 9.3(3).

CLI Commands

ssh login-gracetime 1

Verifying a DME Configuration

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
loginGraceTime	scalar:Uint32	Maximum grace time of SSH login	RANGE: [0 , 3600] DEFAULT: 120

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Note: This example was added in Release 9.3(3).

CLI Commands

no ssh login-gracetime 1

Verifying a DME Configuration

MO	DN
commEntity	sys/comm
commSsh	sys/comm/ssh

commSsh Properties

Property Name	Data Type	Description	Values
loginGraceTime	scalar:Uint32	Maximum grace time of SSH login	RANGE: [0 , 3600] DEFAULT: 120

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Generating Keypair with ECDSA

Note: This example was added in Release 9.3(3).

CLI Commands

username sample_user keypair generate ecdsa 384

MO	DN
aaaUserEp	sys/userext
aaaUser	sys/userext/user-[sample_user]
aaaUserSshKey	sys/userext/user-[sample_user]/userkey-ecdsa
aaaUserEp	sys/userext
aaaUserSshKey	sys/userext/user-[sample_user]/userkey-ecdsa

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

aaaUserSshKey Properties

The following table contains information about the aaaUserSshKey properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

aaaUserSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Generating Keypair with RSA

Note: This example was added in Release 9.3(3).

CLI Commands

username sample_user keypair generate rsa 1234

MO	DN
aaaUserEp	sys/userext
aaaUser	sys/userext/user-{[name]}
aaaUserSshKey	sys/userext/user-{[name]}/userkey-{type}
aaaUserEp	sys/userext
aaaUserSshKey	sys/userext/user-{[name]}/userkey-{type}

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

aaaUserSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

aaaUserSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Generating Keypair with DSA

Note: This example was added in Release 9.3(3).

CLI Commands

username sample_user keypair generate dsa 1024

MO	DN
aaaUserEp	sys/userext
aaaUser	sys/userext/user-{[name]}
aaaUserSshKey	sys/userext/user-{[name]}/userkey-{type}
aaaUserEp	sys/userext
aaaUserSshKey	sys/userext/user-{[name]}/userkey-{type}

aaaUser Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

aaaUserSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

aaaUserSshKey Properties

Property Name	Data Type	Description	Values
keyLen	scalar:Uint32	Length of the key in bytes	RANGE: [0 , 4096] DEFAULT: 1024
type	comm:SshKeyType (scalar:Enum8)	SSH server key type	SELECTION: 1 - rsa 2 - dsa 3 - ecdsa DEFAULT: rsa

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling SFTP Server

Note: This example was added in Release 9.3(3).

CLI Commands

feature sftp-server

Verifying a DME Configuration

MO	DN
fmEntity	sys/fm
fmSftpServer	sys/fm/sftpserver

fmSftpServer Properties

The following table contains information about the fmSftpServer properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
adminSt	fm:AdminState (scalar:Enum8)	Admin status	SELECTION: 1 - 2 - disabled DEFAULT: disabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling SFTP Server

Note: This example was added in Release 9.3(3).

CLI Commands

no feature sftp-server

Verifying a DME Configuration

MO	DN
fmEntity	sys/fm
fmSftpServer	sys/fm/sftpserver

fmSftpServer Properties

Property Name	Data Type	Description	Values
adminSt	fm:AdminState (scalar:Enum8)	Admin status	SELECTION: 1 - 2 - disabled DEFAULT: disabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Response

Configuring SSH

Enabling the SCP Server

Updating the Cert DN Using the DSA Algorithm

Deleting the Cert DN Using the DSA Algorithm

Updating the Cert DN Using the RSA Algorithm

Deleting the Cert DN Using the RSA Algorithm

Configuring the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

Deleting the SSH Client Session Idle Timeout and Max Count of Keepalive Packets

Configuring the Max Data and Time

Deleting the Max Data and Time

Configuring Enabling Weak Ciphers for SSH

Deleting Enabling Weak Ciphers for SSH

Configuring the HTTPS Key File

Forcing DSA Key Generation

Deleting the DSA Key Generation

Configuring ECDSA Keys and Forcing the Key Generation

Deleting ECDSA Keys and Forcing the Key Generation

Configuring RSA Keys and Forcing the Key Generation

Deleting RSA Keys and Forcing the Key Generation

Configuring the Key Exchange Methods to Generate Per-Connection Keys

Deleting the Key Exchange Methods to Generate Per-Connection Keys

Configuring Ciphers to Encrypt the Connection

Deleting Ciphers to Encrypt the Connection

Configuring Message Authentication Codes to Detect Traffic Modification

Deleting Message Authentication Codes to Detect Traffic Modification

Configuring SSH Algorithm

Configuring Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

Deleting Public Key Algorithms that the Server Can Use to Authenticate Itself to the Client

Enabling Weak Ciphers

Disabling Weak Ciphers

Configuring the Maximum Login Attempts From SSH

Deleting the Maximum Login Attempts From SSH

Configuring Login Gracetime for SSH Connection

Deleting Login Gracetime for SSH Connection

Generating Keypair with ECDSA

Generating Keypair with RSA

Generating Keypair with DSA

Enabling SFTP Server

Disabling SFTP Server