Configure SSH on the Evaluated Configuration for NDcPPv2.2e
SSH through a remote management interface is permitted in the evaluated configuration. This topic describes how to configure SSH for remote management of the TOE. The following algorithms need to be configured to validate SSH for NDcPPv2.2e.
To configure SSH on the TOE:
Specify the permissible SSH host-key algorithms for the system services.
[edit]
security-administrator@host:fips# set system services ssh hostkey-algorithm ssh-ecdsa
security-administrator@host:fips# set system services ssh hostkey-algorithm no-ssh-dss
security-administrator@host:fips# set system services ssh hostkey-algorithm ssh-rsa
security-administrator@host:fips# set system services ssh hostkey-algorithm no-ssh-ed25519
Specify the SSH key exchange for Diffie-Hellman keys for the system services.
[edit]
security-administrator@host:fips# set system services ssh key-exchange dh-group14-sha1
security-administrator@host:fips# set system services ssh key-exchange ecdh-sha2-nistp256
security-administrator@host:fips# set system services ssh key-exchange ecdh-sha2-nistp384
security-administrator@host:fips# set system services ssh key-exchange ecdh-sha2-nistp521
Specify all the permissible message authentication code algorithms for SSHv2.
[edit]
security-administrator@host:fips# set system services ssh macs hmac-sha1
security-administrator@host:fips# set system services ssh macs hmac-sha2-256
security-administrator@host:fips# set system services ssh macs hmac-sha2-512
Specify the ciphers allowed for protocol version 2.
[edit]
security-administrator@host:fips# set system services ssh ciphers aes128-cbc
security-administrator@host:fips# set system services ssh ciphers aes256-cbc
security-administrator@host:fips# set system services ssh ciphers aes128-ctr
security-administrator@host:fips# set system services ssh ciphers aes256-ctr
Supported SSH host-key algorithms:
ssh-ecdsa    Allow generation of ECDSA host-key
ssh-rsa      Allow generation of RSA host-key
Supported SSH key-exchange algorithms:
dh-group14-sha1       The RFC 4253 mandated group14 with SHA1 hash
ecdh-sha2-nistp256    The EC Diffie-Hellman on nistp256 with SHA2-256
ecdh-sha2-nistp384    The EC Diffie-Hellman on nistp384 with SHA2-384
ecdh-sha2-nistp521    The EC Diffie-Hellman on nistp521 with SHA2-512
Supported MAC algorithms:
hmac-sha1        Hash-based MAC using Secure Hash Algorithm (SHA1)
hmac-sha2-256    Hash-based MAC using Secure Hash Algorithm (SHA2)
hmac-sha2-512    Hash-based MAC using Secure Hash Algorithm (SHA2)
Supported SSH cipher algorithms:
aes128-cbc    128-bit AES with Cipher Block Chaining
aes128-ctr    128-bit AES with Counter Mode
aes256-cbc    256-bit AES with Cipher Block Chaining
aes256-ctr    256-bit AES with Counter Mode
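To check a device against the procedure above, the following added example (not part of the original Juniper documentation) audits the output of `show configuration system services ssh | display set` against the algorithm set configured on this page. The function name `audit_ssh`, the sample input, and the choice to treat any value outside the page's list as a deviation are assumptions of this example.

```python
import re

# Evaluated algorithm set, copied from the set commands on this page.
EVALUATED = {
    "hostkey-algorithm": {"ssh-ecdsa", "ssh-rsa", "no-ssh-dss", "no-ssh-ed25519"},
    "key-exchange": {"dh-group14-sha1", "ecdh-sha2-nistp256",
                     "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"},
    "macs": {"hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"},
    "ciphers": {"aes128-cbc", "aes256-cbc", "aes128-ctr", "aes256-ctr"},
}
# Optional CLI prompt, then: set system services ssh <statement> <value>
SET_LINE = re.compile(r"^\s*(?:\S+[#>]\s*)?set system services ssh (\S+) (\S+)\s*$")

def audit_ssh(config_text):
    """Return (unexpected, missing): values outside / absent from the evaluated set."""
    seen = {stmt: set() for stmt in EVALUATED}
    unexpected = {}
    for line in config_text.splitlines():
        m = SET_LINE.match(line)
        if not m or m.group(1) not in EVALUATED:
            continue  # not one of the four statements this page configures
        stmt, value = m.groups()
        seen[stmt].add(value)
        if value not in EVALUATED[stmt]:
            unexpected.setdefault(stmt, set()).add(value)
    missing = {s: EVALUATED[s] - seen[s] for s in EVALUATED}
    return unexpected, {s: v for s, v in missing.items() if v}

# Constructed sample: 3des-cbc added, no-ssh-ed25519 and hmac-sha2-512 omitted.
SAMPLE = """\
set system services ssh hostkey-algorithm ssh-ecdsa
set system services ssh hostkey-algorithm no-ssh-dss
set system services ssh hostkey-algorithm ssh-rsa
set system services ssh key-exchange dh-group14-sha1
set system services ssh key-exchange ecdh-sha2-nistp256
set system services ssh key-exchange ecdh-sha2-nistp384
set system services ssh key-exchange ecdh-sha2-nistp521
set system services ssh macs hmac-sha1
set system services ssh macs hmac-sha2-256
set system services ssh ciphers aes128-cbc
set system services ssh ciphers aes256-cbc
set system services ssh ciphers aes128-ctr
set system services ssh ciphers aes256-ctr
set system services ssh ciphers 3des-cbc
"""
if __name__ == "__main__":
    unexpected, missing = audit_ssh(SAMPLE)
    print("outside evaluated set:", unexpected)
    print("not configured:", missing)
```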