Device > Certificate Management > SSH Service Profile

Configure an SSH service profile to specify the cipher, key exchange, and message authentication code algorithms to use for SSH server connections.
SSH service profiles enable you to restrict the cipher, key exchange, and message authentication code algorithms that encrypt and protect the integrity of your data. Specifically, these profiles strengthen data protection during SSH sessions between your command line interface (CLI) and the management connections and high availability (HA) appliances on your network. You can also generate a new SSH host key and specify the thresholds (data volume, time interval, and packet count) that initiate an SSH rekey.
To configure an SSH service profile,
Add
an HA or Management - Server profile, complete the fields in the following table as appropriate, and then click
OK
and
Commit
your changes.
The process for applying a profile differs between the profile types.
  • To apply an HA profile, select Device > High Availability > General. Under SSH HA Profile Setting, select an existing profile. Click
    OK
    and
    Commit
    your changes.
  • To apply a Management - Server profile, select Device > Setup > Management. Under SSH Management Profiles Settings, select an existing profile. Click
    OK
    and
    Commit
    your changes.
After applying a profile, you must perform an SSH service restart from your CLI to activate the profile.
SSH Service Profile Settings
Description
Name
Enter a name for the profile (up to 31 characters). The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Ciphers
Select the cipher algorithms your server will support for SSH session encryption.
KEX
Select the key exchange algorithms your server will support during an SSH session.
MAC
Select the message authentication code algorithms your server will support during an SSH session.
Hostkey
Select a host key type and key length to generate a new key pair of the specified host key algorithm and key length.
After you select a host key type, you can enter a key length. The default key type and length is RSA 2048.
Data
Set the maximum volume of data (in megabytes) transmitted before an SSH rekey (range is 10 to 4000; default is the value of the cipher you selected).
Interval
Set the maximum time interval (in seconds) before an SSH rekey (range is 10 to 3600; default is no time-based rekeying).
Packets
Set the maximum number of packets (2
n
) before an SSH rekey.
If you do not configure this parameter, the session will rekey after 2
28
packets. To ensure a more frequent rekey, specify a value in the range 12 to 27.

Recommended For You