Configure SSH Key-Based Administrator Authentication to the
For administrators who use Secure Shell (SSH)
to access the CLI of a Palo Alto Networks firewall, SSH keys provide
a more secure authentication method than passwords. SSH keys almost
eliminate the risk of brute-force attacks, provide the option for
two-factor authentication (key and passphrase), and don’t send passwords
over the network. SSH keys also enable automated scripts to access the
Use an SSH key generation tool to create an asymmetric
keypair on the client system of the administrator.
The supported key formats are IETF SECSH and OpenSSH.
The supported algorithms are DSA (1,024 bits) and RSA (768-4,096
For the commands to generate the keypair, refer to
your SSH client documentation.
The public key and private
key are separate files. Save both to a location that the firewall
can access. For added security, enter a passphrase to encrypt the private
key. The firewall prompts the administrator for this passphrase
Configure the administrator account to use public key
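
A pre-import check for the keypair step above, as an added example that is not from the Palo Alto Networks documentation: it parses an OpenSSH-format public key, tests the algorithm and key size against the limits listed on this page, and re-wraps the key in IETF SECSH (RFC 4716) framing. The function names and the sample key are constructed here, and reading the RSA range as bits is an assumption.

```python
import base64

# Limits as stated on this page; reading the RSA range as bits is an assumption.
ALLOWED_BITS = {"ssh-rsa": range(768, 4097), "ssh-dss": range(1024, 1025)}
SIZE_FIELD = {"ssh-rsa": 2, "ssh-dss": 1}  # index of modulus n / prime p

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + n]
        if len(blob) - pos < 4 or len(field) != n:
            raise ValueError("truncated key blob")
        out.append(field)
        pos += 4 + n
    return out

def check_public_key(line):
    """Return (algorithm, bits, ok) for one OpenSSH-format public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    fields = wire_fields(base64.b64decode(parts[1], validate=True))
    algo = fields[0].decode("ascii", "replace") if fields else ""
    if algo != parts[0]:
        raise ValueError("algorithm label does not match key blob")
    if algo not in SIZE_FIELD:
        return algo, 0, False  # e.g. ssh-ed25519 is not listed on this page
    if len(fields) <= SIZE_FIELD[algo]:
        raise ValueError("key blob has too few fields")
    bits = int.from_bytes(fields[SIZE_FIELD[algo]], "big").bit_length()
    return algo, bits, bits in ALLOWED_BITS[algo]

def to_secsh(line):
    """Re-wrap an OpenSSH public key line in IETF SECSH (RFC 4716) framing."""
    b64 = line.split()[1]
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"---- BEGIN SSH2 PUBLIC KEY ----\n{body}\n---- END SSH2 PUBLIC KEY ----\n"

def constructed_rsa_line(bits):
    """Constructed sample: a well-formed ssh-rsa line, not a usable key."""
    def field(b):
        return len(b).to_bytes(4, "big") + b
    def mpint(v):
        return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " admin@example.invalid"
```

Running `check_public_key` on the `.pub` file before import catches key types and sizes outside the listed ranges on the client side.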