Advanced: SSH Configuration
Use Security > Advanced > SSH Configuration to configure ciphers, key exchange algorithms, and HMACs. The System Manager portal lets you upload public keys and then enable or disable public key authentication and password authentication. By default, both the Public Key Authentication and Password Authentication options are enabled, and SSH configurations are applied to both the SSH client and the SSH server. Configurations persist after a Backup and Restore procedure is completed.
When public key authentication is enabled, it is attempted first. A valid public key for an authorized administrator account must be uploaded. Otherwise, password authentication is used.
Public key authentication is specified by the administrator and is valid only for the user who uploads the key. For example, if <admin> is the user uploading the key, then ssh to admin@<ip> will be successful.
The default (non-FIPS) SSH, FIPS SSH, and CC (Common Criteria) SSH configurations have different sets of ciphers, key exchange algorithms, and hash-based message authentication code (HMAC) options, as described in Default SSH configuration, FIPS SSH configuration, and CC SSH configurations.
You cannot ssh to a cluster; you must instead ssh to a specific instance.
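To confirm that an instance offers only the key exchange algorithms, ciphers, and HMACs selected on this page, the server's SSH_MSG_KEXINIT payload (RFC 4253) can be decoded and compared with the selected sets. The following is an added example, not part of the product documentation; the payload is assumed to have been captured separately, and SELECTED and SAMPLE are constructed values, not the product's defaults.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Decode the ten name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, pos)
        end = pos + 4 + length
        if end > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[pos + 4:end].decode("ascii")
        offer[field] = raw.split(",") if raw else []
        pos = end
    return offer

def unexpected(offer: dict, selected: dict) -> dict:
    """Return, per category, algorithms offered but absent from the selected set."""
    groups = {"kex": ("kex",), "cipher": ("cipher_c2s", "cipher_s2c"),
              "hmac": ("mac_c2s", "mac_s2c")}
    report = {}
    for name, fields in groups.items():
        seen = {alg for f in fields for alg in offer[f]}
        extra = sorted(seen - set(selected[name]))
        if extra:
            report[name] = extra
    return report

def build_sample(lists) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie, no guessed packet)."""
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample values for the demo, not the product's defaults.
SELECTED = {"kex": ["curve25519-sha256"], "cipher": ["aes256-ctr"], "hmac": ["hmac-sha2-256"]}
SAMPLE = build_sample(["curve25519-sha256,diffie-hellman-group14-sha1", "ssh-ed25519",
                       "aes256-ctr,aes128-cbc", "aes256-ctr", "hmac-sha2-256",
                       "hmac-sha2-256,hmac-sha1", "none", "none", "", ""])

if __name__ == "__main__":
    print(unexpected(parse_kexinit(SAMPLE), SELECTED))
```

An empty result means every offered algorithm is in the selected set; any entry names an algorithm the server still offers in that category.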
Default SSH configuration
The following table lists the available options for the default SSH configuration:
Configuration | Available | Selected
Key Exchange Algorithms | |
Cipher | |
HMAC | |
FIPS SSH configuration
The following table lists the available options for the default FIPS SSH configuration:
Configuration | Available | Selected
Cipher | |
Key Exchange Algorithms | |
HMAC | |
CC SSH configurations
The following table lists the available options for the default Common Criteria (CC) SSH configuration:
Configuration | Available | Selected
Cipher | |
Key Exchange Algorithms | |
HMAC | |