TrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 23.10 (Cobia) releases.

SSH

Last Modified 2024-03-19 08:38 EDT

SSH Namespace

The ssh namespace has three commands and is based on SSH service functions found in the SCALE API and web UI. It provides access to SSH service management methods through the ssh commands.

SSH Commands

The following ssh commands allow you to view and edit ssh properties.

The SCALE CLI guide is a work in progress! New namespace and command documentation is continually added and maintained, so check back here often to see what is new!

Interactive Argument Editor (TUI)

Enter the -- flag following any CLI command to open the interactive arguments editor text-based user interface (TUI).

Bindiface_Choices Command

The bindiface_choices command returns a table of the interfaces available for SSH to listen on.

Description

The bindiface_choices command has no required properties. Enter the command then press Enter. The command returns a table of available interfaces when successful.

Usage

From the CLI prompt, enter:

service ssh bindiface_choices

service ssh bindiface_choices
+------------+------------+
|       eno1 | eno1       |
|       eno2 | eno2       |
| enp179s0f0 | enp179s0f0 |
| enp179s0f1 | enp179s0f1 |
| enp179s0f2 | enp179s0f2 |
| enp179s0f3 | enp179s0f3 |
+------------+------------+

Config Command

The config command returns a table with current SSH settings.

Description

The config command has no required properties. Enter the command then press Enter. The command returns a table of current SSH service settings when successful.

Usage

From the CLI prompt, enter:

service ssh config

ssh config
+---------------------------+------------------------------------------------------------------+
|                        id | 1                                                                |
|                 bindiface | <empty list>                                                     |
|                   tcpport | 22                                                               |
|                 rootlogin | false                                                            |
|                adminlogin | true                                                             |
|              passwordauth | true                                                             |
|              kerberosauth | false                                                            |
|                    tcpfwd | false                                                            |
|               compression | false                                                            |
|                privatekey |                                                                  |
|            sftp_log_level |                                                                  |
|         sftp_log_facility |                                                                  |
|              host_dsa_key | LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQ... |
|          host_dsa_key_pub | c3NoLWRzcyBBQUFBQjNOemFDMWtjM01BQUFDQkFQL3dkaXM5NUdWeHUySXVtb... |
|     host_dsa_key_cert_pub | <null>                                                           |
|            host_ecdsa_key | LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQ... |
|        host_ecdsa_key_pub | ZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkS... |
|   host_ecdsa_key_cert_pub | <null>                                                           |
|          host_ed25519_key | LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQ... |
|      host_ed25519_key_pub | c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdFa1hFdUloa... |
| host_ed25519_key_cert_pub | <null>                                                           |
|                  host_key | <null>                                                           |
|              host_key_pub | <null>                                                           |
|              host_rsa_key | LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQ... |
|          host_rsa_key_pub | c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FDcDBmb09LY... |
|     host_rsa_key_cert_pub | <null>                                                           |
|              weak_ciphers | AES128-CBC                                                       |
|                           | NONE                                                             |
|                   options |                                                                  |
+---------------------------+------------------------------------------------------------------+

Update Command

The update command allows you to update SSH service settings.

Description

The update command has 12 optional properties: bindiface, tcpport, rootlogin, adminlogin, passwordauth, kerberosauth, tcpfwd, compression, sftp_log_level, sftp_log_facility, weak_ciphers, and options. See Update Command Properties below for details. After entering update, you must include at least one property to update. Separate additional properties with a space. Enter the command string then press Enter. The command returns a blank line when successful.

Update Command Properties

| Property          | Description                                                                         | Syntax Example                     |
|-------------------|-------------------------------------------------------------------------------------|------------------------------------|
| bindiface         | The interfaces for SSH to listen on. Leave empty for SSH to listen on all interfaces. | bindiface=[interface, interface]   |
| tcpport           | The port you want to use for SSH connection requests.                               | tcpport=number                     |
| rootlogin         | Allows root logins.                                                                 | rootlogin=true/false               |
| adminlogin        | Allows admin logins.                                                                | adminlogin=true/false              |
| passwordauth      | Allows using a password to authenticate the SSH login.                              | passwordauth=true/false            |
| kerberosauth      | Allows Kerberos authentication using valid directory services entries.              | kerberosauth=true/false            |
| tcpfwd            | Allows users to bypass firewall restrictions using the SSH port forwarding feature. | tcpfwd=true/false                  |
| compression       | When enabled, the system attempts to reduce latency over slow networks.             | compression=true/false             |
| sftp_log_level    | Select the syslog(3) level of the SFTP server.                                      | sftp_log_level=LEVEL               |
| sftp_log_facility | Select the syslog(3) facility of the SFTP server.                                   | sftp_log_facility=FACILITY         |
| weak_ciphers      | Allow more ciphers for sshd(8) in addition to the defaults in sshd_config(5).       | weak_ciphers=["CIPHER", "CIPHER"]  |
| options           | Additional sshd_config(5) options.                                                  | options=options                    |

Usage

From the CLI prompt, enter:

service ssh update property=value

Where:

  • property is the property you want to update.
  • value is the value you want to specify for the property.
service ssh update bindiface=[] tcpport=22 adminlogin=true weak_ciphers=["NONE", "AES128-CBC"]
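
The following Python script is an added example, not part of the TrueNAS documentation or project code. It parses table output in the shape returned by service ssh config, masks the private host key fields, flags settings from the property table that widen SSH access, and builds a service ssh update command from the syntax above. The sample table and key placeholder are constructed, and weak_ciphers=[] is assumed to clear the extra ciphers the same way bindiface=[] clears the interface list.

```python
import re

# Constructed sample shaped like the `service ssh config` table; the key value is a placeholder.
SAMPLE = """\
+--------------+---------------+
|    bindiface | <empty list>  |
|    rootlogin | false         |
| passwordauth | true          |
|       tcpfwd | false         |
| host_rsa_key | PLACEHOLDER== |
| weak_ciphers | AES128-CBC    |
|              | NONE          |
+--------------+---------------+
"""
EMPTY = {"", "<empty list>", "<null>"}
SECRET = re.compile(r"^(privatekey|host_\w*key)$")  # private halves only, not *_pub

def parse_table(text):
    """Return {property: [values]}; a row with a blank name continues the previous property."""
    cfg, last = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # table borders and the echoed command
        key, _, value = (c.strip() for c in line.strip().strip("|").partition("|"))
        if key:
            last = key
            cfg[key] = [] if value in EMPTY else ["<redacted>" if SECRET.match(key) else value]
        elif last and value:
            cfg[last].append(value)
    return cfg

def audit(cfg):
    """Return (findings, remediation command in the page's update syntax, or None)."""
    checks = [  # (property, value that widens access, message, fix)
        ("rootlogin", ["true"], "root logins allowed", "rootlogin=false"),
        ("passwordauth", ["true"], "password authentication allowed", "passwordauth=false"),
        ("tcpfwd", ["true"], "port forwarding enabled", "tcpfwd=false"),
    ]
    findings = [(p, msg, fix) for p, bad, msg, fix in checks if cfg.get(p) == bad]
    if cfg.get("weak_ciphers"):
        # Assumption: an empty list clears the extras, as bindiface=[] does for interfaces.
        findings.append(("weak_ciphers", "extra ciphers: " + ", ".join(cfg["weak_ciphers"]), "weak_ciphers=[]"))
    if not cfg.get("bindiface"):
        findings.append(("bindiface", "listening on all interfaces", None))  # operator must choose
    fixes = [fix for _, _, fix in findings if fix]
    return findings, ("service ssh update " + " ".join(fixes)) if fixes else None

if __name__ == "__main__":
    print(*audit(parse_table(SAMPLE)), sep="\n")
```

Confirm that key-based login works for the admin account before applying passwordauth=false, and pick bindiface values from the bindiface_choices output.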
