Device > Certificate Management > SSH Service Profile
Configure an SSH service profile to specify the cipher,
key exchange, and message authentication code algorithms to use
for SSH server connections.
SSH service profiles enable you to restrict the cipher,
key exchange, and message authentication code algorithms that encrypt
and protect the integrity of your data. Specifically, these profiles
strengthen data protection during SSH sessions between your command
line interface (CLI) and the management connections and high availability
(HA) appliances on your network. You can also generate a new SSH
host key and specify the thresholds (data volume, time interval,
and packet count) that initiate an SSH rekey.
To configure an SSH service profile, Add an HA or Management - Server profile, complete the fields in the following table as appropriate, and then click OK and Commit your changes. The process for applying a profile differs between the profile types.
- To apply an HA profile, select Device > High Availability > General. Under SSH HA Profile Setting, select an existing profile. Click OK and Commit your changes.
- To apply a Management - Server profile, select Device > Setup > Management. Under SSH Management Profiles Settings, select an existing profile. Click OK and Commit your changes.
After applying a profile, you must perform an SSH service
restart from your CLI to activate the profile.
SSH Service Profile Settings | Description |
---|---|
Name | Enter a name for the profile (up to 31 characters). The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores. |
Ciphers | Select the cipher algorithms your server will support for SSH session encryption. |
KEX | Select the key exchange algorithms your server will support during an SSH session. |
MAC | Select the message authentication code algorithms your server will support during an SSH session. |
Hostkey | Select a host key type and key length to generate a new key pair of the specified host key algorithm and key length. After you select a host key type, you can enter a key length. The default key type and length is RSA 2048. |
Data | Set the maximum volume of data (in megabytes) transmitted before an SSH rekey (range is 10 to 4000; default is the value of the cipher you selected). |
Interval | Set the maximum time interval (in seconds) before an SSH rekey (range is 10 to 3600; default is no time-based rekeying). |
Packets | Set the maximum number of packets (2^n) before an SSH rekey. If you do not configure this parameter, the session will rekey after 2^28 packets. To ensure a more frequent rekey, specify a value in the range 12 to 27. |
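
To confirm after the SSH service restart that the server offers only the algorithms selected in the profile, one option is to capture an OpenSSH client's `ssh -vv` debug output and compare the server's proposal with the Ciphers, KEX, and MAC selections. This is an added example, not part of the original documentation; it assumes the OpenSSH client's debug-line layout, and the sample output, algorithm names, and `PROFILE` selections are constructed for illustration.

```python
import re

# Lines of the server's KEXINIT proposal in `ssh -vv` output, mapped to the
# profile field (from the settings table) that restricts each one.
FIELDS = {"KEX algorithms": "KEX", "ciphers ctos": "Ciphers", "ciphers stoc": "Ciphers",
          "MACs ctos": "MAC", "MACs stoc": "MAC"}
# Extension markers a server may append to its KEX list; not key exchange methods.
MARKERS = {"ext-info-s", "kex-strict-s-v00@openssh.com"}

def parse_server_proposal(debug_text):
    """Return {profile field: set of algorithms the server offered}."""
    offered = {"KEX": set(), "Ciphers": set(), "MAC": set()}
    in_server = False
    for line in debug_text.splitlines():
        line = line.strip()
        if "KEXINIT proposal" in line:
            in_server = "peer server" in line  # skip the client's own proposal
            continue
        m = re.match(r"debug2: ([^:]+): (.*)$", line)
        if in_server and m and m.group(1) in FIELDS:
            offered[FIELDS[m.group(1)]].update(a for a in m.group(2).split(",") if a)
    return offered

def audit(debug_text, profile):
    """Return {field: sorted algorithms offered by the server but absent from the profile}."""
    findings = {}
    for field, algos in parse_server_proposal(debug_text).items():
        extra = algos - set(profile.get(field, ())) - MARKERS
        if extra:
            findings[field] = sorted(extra)
    return findings

# Constructed sample of `ssh -vv` output (not captured from a real device).
SAMPLE_DEBUG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: ciphers ctos: aes256-gcm@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-256
debug2: ciphers ctos: aes256-ctr,aes128-cbc
debug2: ciphers stoc: aes256-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: MACs stoc: hmac-sha2-256,hmac-sha1
debug2: compression ctos: none
"""
# Hypothetical selections made in the SSH service profile.
PROFILE = {"KEX": ["ecdh-sha2-nistp256"], "Ciphers": ["aes256-ctr"], "MAC": ["hmac-sha2-256"]}
```

An empty result from `audit()` means every algorithm the server advertised is one selected in the profile; any entry indicates the profile is not yet active on that interface or was not applied.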