Configuring SSH on the Evaluated Configuration
SSH is an allowed remote management interface in the evaluated configuration. This topic describes how to configure SSH on the device.
Before you begin, log in with your root account on the device.
To configure SSH on the device:
Note: To disable the SSH service, deactivate the SSH configuration and commit the change:
security-administrator@host:fips# deactivate system services ssh
Note: To disable the NETCONF service, deactivate the NETCONF configuration and commit the change:
security-administrator@host:fips# deactivate system services netconf ssh
Supported SSH hostkey algorithms:
ssh-ecdsa    Allow generation of ECDSA host-key
ssh-rsa      Allow generation of RSA host-key
Supported SSH key-exchange algorithms:
dh-group14-sha1       The RFC 4253 mandated group14 with SHA1 hash
ecdh-sha2-nistp256    The EC Diffie-Hellman on nistp256 with SHA2-256
ecdh-sha2-nistp384    The EC Diffie-Hellman on nistp384 with SHA2-384
ecdh-sha2-nistp521    The EC Diffie-Hellman on nistp521 with SHA2-512
Supported MAC algorithms:
hmac-sha1        Hash-based MAC using Secure Hash Algorithm (SHA1)
hmac-sha2-256    Hash-based MAC using Secure Hash Algorithm (SHA2)
hmac-sha2-512    Hash-based MAC using Secure Hash Algorithm (SHA2)
Supported SSH cipher algorithms:
aes128-cbc    128-bit AES with Cipher Block Chaining
aes128-ctr    128-bit AES with Counter Mode
aes256-cbc    256-bit AES with Cipher Block Chaining
aes256-ctr    256-bit AES with Counter Mode