Device > Certificate Management > SSH Service Profile
Configure an SSH service profile to specify the cipher, key exchange, and message authentication code algorithms to use for SSH server connections.
SSH service profiles enable you to restrict the cipher, key exchange, and message authentication code algorithms that encrypt and protect the integrity of your data. Specifically, these profiles strengthen data protection during SSH sessions between your command line interface (CLI) and the management connections and high availability (HA) appliances on your network. You can also generate a new SSH host key and specify the thresholds (data volume, time interval, and packet count) that initiate an SSH rekey.
To configure an SSH service profile,
Addan HA or Management - Server profile, complete the fields in the following table as appropriate, and then click
The process for applying a profile differs between the profile types.
After applying a profile, you must perform an SSH service restart from your CLI to activate the profile.
SSH Service Profile Settings
Enter a name for the profile (up to 31 characters). The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Select the cipher algorithms your server will support for SSH session encryption.
Select the key exchange algorithms your server will support during an SSH session.
Select the message authentication code algorithms your server will support during an SSH session.
Select a host key type and key length to generate a new key pair of the specified host key algorithm and key length.
After you select a host key type, you can enter a key length. The default key type and length is RSA 2048.
Set the maximum volume of data (in megabytes) transmitted before an SSH rekey (range is 10 to 4000; default is the value of the cipher you selected).
Set the maximum time interval (in seconds) before an SSH rekey (range is 10 to 3600; default is no time-based rekeying).
Set the maximum number of packets (2
n) before an SSH rekey.
If you do not configure this parameter, the session will rekey after 2
28packets. To ensure a more frequent rekey, specify a value in the range 12 to 27.
Recommended For You
Recommended videos not found.