firewall ssh local-ca
Use this command to define trusted/untrusted CAs for host key signing. Any host key signed by the trusted CA is trusted unless the host key is revoked.
FortiGate has two built-in SSH CAs:
- Fortinet_SSH_CA
- Fortinet_SSH_CA_Untrusted
These CAs are used to re-sign a server host key with a local host key, using the trusted CA when the server host key is trusted and the untrusted CA when it is untrusted.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config firewall ssh local-ca | New. Define trusted/untrusted CAs for host key signing. |
```
config firewall ssh local-ca
    edit {name}
    # SSH proxy local CA.
        set name {string}   SSH proxy local CA name. size[35]
        set password {password_string}   Password for SSH private key. size[128]
        set private-key {string}   SSH proxy private key, encrypted with a password.
        set public-key {string}   SSH proxy public key.
        set source {built-in | user}   SSH proxy local CA source type.
                built-in   Built-in SSH proxy local keys.
                user       User imported SSH proxy local keys.
    next
end
```
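The trust rule stated at the top of this page (a host key signed by the trusted CA is trusted unless it is revoked), modelled with OpenSSH's `ssh-keygen` as an added example; it is not FortiOS code or Fortinet's implementation. The file names, the passphrase and the `verdict` and `demo` helpers are constructed for the illustration, and using OpenSSH host certificates and a key revocation list as a stand-in for the FortiGate behaviour is an assumption.

```shell
#!/usr/bin/env bash
# Added illustration with OpenSSH tooling; not FortiOS code.
# All file names, key comments and the passphrase below are constructed.

# verdict CERT TRUSTED_CA_PUB [KRL] -> prints trusted | untrusted | revoked
verdict() {
    local signer trusted
    # Fingerprint of the CA that signed the host certificate.
    signer=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}')
    # Fingerprint of the CA we are configured to trust.
    trusted=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    # Revocation wins over a matching CA: -Q exits non-zero on a revoked key.
    if [ -f "${3:-}" ] && ! ssh-keygen -Q -f "$3" "$1" >/dev/null 2>&1; then
        echo revoked
    elif [ -n "$signer" ] && [ "$signer" = "$trusted" ]; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    local d a b c
    d=$(mktemp -d) || return 1
    {
        # Two password-protected CA key pairs: one trusted, one untrusted.
        ssh-keygen -q -t ed25519 -N demo-pass -C trusted-ca   -f "$d/ca_trusted" &&
        ssh-keygen -q -t ed25519 -N demo-pass -C untrusted-ca -f "$d/ca_untrusted" &&
        # One server host key, signed once by each CA (-h = host certificate).
        ssh-keygen -q -t ed25519 -N '' -C server -f "$d/a" &&
        cp "$d/a.pub" "$d/b.pub" &&
        ssh-keygen -q -s "$d/ca_trusted"   -P demo-pass -I server -h "$d/a.pub" &&
        ssh-keygen -q -s "$d/ca_untrusted" -P demo-pass -I server -h "$d/b.pub" &&
        # Key revocation list that contains the server's host key.
        ssh-keygen -q -k -f "$d/krl" "$d/a.pub"
    } >/dev/null || { rm -rf "$d"; return 1; }
    a=$(verdict "$d/a-cert.pub" "$d/ca_trusted.pub")             # signed by trusted CA
    b=$(verdict "$d/b-cert.pub" "$d/ca_trusted.pub")             # signed by the other CA
    c=$(verdict "$d/a-cert.pub" "$d/ca_trusted.pub" "$d/krl")    # same key, now revoked
    rm -rf "$d"
    echo "$a $b $c"
}

demo   # prints: trusted untrusted revoked
```

The third verdict is the case that matters operationally: the certificate still carries a signature from the trusted CA, and only the revocation check changes the outcome.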