Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring SSH on the Evaluated Configuration

 

SSH is an allowed remote management interface in the evaluated configuration. This topic describes how to configure SSH on the device.

  • Before you begin, log in with your root account on the device running Junos OS Release 19.1R1and edit the configuration.

Note

The commands shown configure SSH to use all of the allowed cryptographic algorithms.

Note

You can enter the configuration commands in any order and commit all the commands at once.

  1. Specify the permissible SSH host-key algorithms.
    Note

    We recommended you to use the ecdsa-sha2-nistp256 hostkey algorithm to ensure Common Criteria compliance.

  2. Specify the command to disable rsa-sha2-512 and rsa-sha2-256 hostkey algorithms.
    Note

    The set system services ssh hostkey-algorithm no-ssh-rsa command will disable the rsa-sha2-512, rsa-sha2-256, and ssh-rsa hostkey algorithms.

  3. Specify the SSH key-exchange algorithms.
  4. Specify all the permissible message authentication code algorithms.
  5. Specify the ciphers allowed for protocol version 2.
  6. Specify the number of minutes or maximum amount of data, before a rekey is forced on a session. The time limit must not be set greater than one hour and the data limit must not be set greater than one gigabyte.Note

    This step is optional.