    Configuring SSH on the Linux Client

    SSH is the only remote management interface allowed in the Common Criteria certified configuration. This topic describes how to configure SSH on the Linux client.

    Before you configure cryptographic functions on the SSH client, you need to configure the encryption or authentication algorithm in /home/"$username"/.ssh/config.

    Note: The SSH client can support all algorithms by default.

    The following procedure shows how to configure SSH for a user account named security-officer for two ciphers, aes128-cbc and aes256-cbc.

    To configure SSH on a Linux client:

    1. Remove any previously configured SSH configurations on the Linux client machine.
    root@host# /bin/rm -f /home/security-officer/.ssh/config
    2. Create the SSH configuration file for a user named security-officer, where: Cipher = aes128-cbc; Host Key Algorithm = ssh-rsa; Message Authentication Algorithm = hmac-sha1; Key-Exchange for Diffie-Hellman keys = diffie-hellman-group14-sha1; SSH version 2
    security-officer@host> /bin/echo "Ciphers aes128-cbc
    > HostKeyAlgorithms ssh-rsa
    > IdentityFile ~/.ssh/id_rsa
    > UserKnownHostsFile /dev/null
    > StrictHostKeyChecking no
    > MACs hmac-sha1
    > KexAlgorithms diffie-hellman-group14-sha1
    > Protocol 2
    > " > /home/security-officer/.ssh/config
    3. Change the permission of the created SSH configuration file.
    root@host> /bin/chmod 600 /home/security-officer/.ssh/config
    4. Create the SSH configuration file for a user named security-officer, where: Cipher = aes256-cbc; Host Key Algorithm = ssh-rsa; Message Authentication Algorithm = hmac-sha1; Key-Exchange for Diffie-Hellman keys = diffie-hellman-group14-sha1; SSH version 2
    root@host> /bin/echo "Ciphers aes256-cbc
    > HostKeyAlgorithms ssh-rsa
    > IdentityFile ~/.ssh/id_rsa
    > UserKnownHostsFile /dev/null
    > StrictHostKeyChecking no
    > MACs hmac-sha1
    > KexAlgorithms diffie-hellman-group14-sha1
    > PreferredAuthentications publickey
    > Protocol 2
    > " > /home/security-officer/.ssh/config
    5. Change the permission of the created SSH configuration file.
    root@host> /bin/chmod 600 /home/security-officer/.ssh/config
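
A way to confirm that the file written by the procedure holds the intended algorithms and the 600 mode, as an added example that is not part of the original procedure. The function names `get_opt` and `check_ssh_config` and the temporary sample file are assumptions made for the illustration, and only the flat `Keyword value` layout used in this topic is parsed (no `Host` blocks).

```shell
#!/bin/sh
# Added example: audit an ssh client config against the values in this procedure.
# get_opt and check_ssh_config are illustrative names, not part of OpenSSH.

# Print the first value set for KEYWORD in FILE (ssh_config uses the first value
# it obtains). Only the flat "Keyword value" form used on this page is handled.
get_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_ssh_config FILE CIPHER: return 0 if FILE matches the procedure, else 1.
check_ssh_config() {
    file=$1 cipher=$2 rc=0
    while read -r key want; do
        got=$(get_opt "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', found '${got:-unset}'"
            rc=1
        fi
    done <<EOF
Ciphers $cipher
HostKeyAlgorithms ssh-rsa
MACs hmac-sha1
KexAlgorithms diffie-hellman-group14-sha1
EOF
    # The procedure sets mode 600 on the file; find prints it only on an exact match.
    if [ -z "$(find "$file" -prune -perm 600)" ]; then
        echo "MISMATCH mode: expected 600"
        rc=1
    fi
    # Informational: this pair of settings turns off server host key verification.
    if [ "$(get_opt "$file" StrictHostKeyChecking)" = "no" ] &&
       [ "$(get_opt "$file" UserKnownHostsFile)" = "/dev/null" ]; then
        echo "NOTE: host key checking is off (StrictHostKeyChecking no, known hosts in /dev/null)"
    fi
    return $rc
}

# Constructed sample: the aes128-cbc configuration from the procedure, in a temp file.
demo=$(mktemp)
printf '%s\n' 'Ciphers aes128-cbc' 'HostKeyAlgorithms ssh-rsa' \
    'IdentityFile ~/.ssh/id_rsa' 'UserKnownHostsFile /dev/null' \
    'StrictHostKeyChecking no' 'MACs hmac-sha1' \
    'KexAlgorithms diffie-hellman-group14-sha1' 'Protocol 2' > "$demo"
chmod 600 "$demo"
check_ssh_config "$demo" aes128-cbc && echo "OK: matches the aes128-cbc profile"
rm -f "$demo"
```

To audit the real file, call `check_ssh_config /home/security-officer/.ssh/config aes256-cbc` (or `aes128-cbc`) after the last step.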
     

    Published: 2013-12-10