Configuring SSH on the Evaluated Configuration

SSH is an allowed remote management interface in the evaluated configuration. This topic describes how to configure SSH on the device.

  1. Before you begin, log in with your root account on the device running Junos OS Release 22.2R1 and edit the configuration.

Note:

The commands shown configure SSH to use all of the allowed cryptographic algorithms.

Note:

You can enter the configuration commands in any order and commit all the commands at once.

To configure SSH on the TOE:

  1. Specify the permissible SSH host-key algorithms.
    Note: We recommend that you use the ecdsa-sha2-nistp256 host-key algorithm to ensure Common Criteria compliance.
  2. Disable the rsa-sha2-512 and rsa-sha2-256 host-key algorithms.
    Note: The set system services ssh hostkey-algorithm no-ssh-rsa command disables the rsa-sha2-512, rsa-sha2-256, and ssh-rsa host-key algorithms.
  3. Specify the SSH key-exchange algorithms.
  4. Specify all the permissible message authentication code algorithms.
  5. Specify the ciphers allowed for protocol version 2.
  6. (Optional) Specify the number of minutes or the maximum amount of data before a rekey is forced on a session. The time limit must not be set to more than one hour, and the data limit must not be set to more than one gigabyte.
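
The following Python check is an added example, not part of the Juniper documentation. It audits saved output of show configuration system services ssh | display set against the constraints stated in the steps above. It assumes that the rekey data-limit value is in bytes, that time-limit is in minutes, and that "one gigabyte" means 10**9 bytes; the sample configuration is constructed and its algorithm values are placeholders.

```python
import re

PREFIX = "set system services ssh "
MAX_REKEY_MINUTES = 60           # page: time limit not greater than one hour
MAX_REKEY_BYTES = 1_000_000_000  # assumption: "one gigabyte" read as 10**9 bytes
REQUIRED = ("hostkey-algorithm", "key-exchange", "macs", "ciphers")  # steps 1, 3, 4, 5

# Constructed sample; algorithm values are placeholders, not the allowed set.
SAMPLE = """\
set system services ssh hostkey-algorithm PLACEHOLDER-HOSTKEY
set system services ssh hostkey-algorithm no-ssh-rsa
set system services ssh key-exchange PLACEHOLDER-KEX
set system services ssh macs PLACEHOLDER-MAC
set system services ssh ciphers PLACEHOLDER-CIPHER
set system services ssh rekey time-limit 120
set system services ssh rekey data-limit 500000000
"""

def audit_ssh(display_set_text):
    """Return a list of findings for 'display set' formatted SSH configuration."""
    stmts = [line.strip()[len(PREFIX):] for line in display_set_text.splitlines()
             if line.strip().startswith(PREFIX)]
    findings = []
    # Steps 1, 3, 4 and 5: each algorithm class must be pinned explicitly.
    for keyword in REQUIRED:
        if not any(s.split()[0] == keyword for s in stmts):
            findings.append(f"missing '{keyword}' statement")
    # Step 2: the RSA host-key algorithms must be disabled.
    if "hostkey-algorithm no-ssh-rsa" not in stmts:
        findings.append("missing 'hostkey-algorithm no-ssh-rsa'")
    # Step 6 is optional, so only configured rekey values are checked.
    for s in stmts:
        m = re.fullmatch(r"rekey (time-limit|data-limit) (\d+)", s)
        if not m:
            continue
        kind, value = m.group(1), int(m.group(2))
        limit = MAX_REKEY_MINUTES if kind == "time-limit" else MAX_REKEY_BYTES
        if value > limit:
            findings.append(f"rekey {kind} {value} exceeds limit {limit}")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE):
        print(finding)
```
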