Configuring SSH on the Evaluated Configuration
SSH is an allowed remote management interface in the evaluated configuration. This topic describes how to configure SSH on the device.
Before you begin, log in with your root account on the device running Junos OS Release 20.2R1 and edit the configuration.
The commands shown configure SSH to use all of the allowed cryptographic algorithms.
You can enter the configuration commands in any order and commit all the commands at once.
To configure SSH on the TOE:
- Specify the permissible SSH host-key algorithms.[edit system services ssh]user@host# set hostkey-algorithm ssh-ecdsauser@host# set hostkey-algorithm ssh-rsa
- Specify the SSH key-exchange algorithms.[edit system services ssh]user@host#set key-exchange [ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 ]
- Specify all the permissible message authentication code
algorithms.[edit system services ssh]user@host#set macs [ hmac-sha1 hmac-sha2-256 hmac-sha2-512 ]
- Specify the ciphers allowed for protocol version 2.[edit system services ssh]user@host#set ciphers [ aes128-cbc aes256-cbc aes128-ctr aes256-ctr ]