CLI Reference

firewall ssh local-ca

Use this command to define trusted/untrusted CAs for host key signing. Any host key signed by the trusted CA is trusted unless the host key is revoked.

FortiGate has two built-in SSH CAs:

  • Fortinet_SSH_CA
  • Fortinet_SSH_CA_Untrusted

These CAs are used to re-sign a server host key with a local host key: the trusted CA is used when the server host key is trusted, and the untrusted CA is used when the server host key is untrusted.
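
The trust rule above, modelled with OpenSSH host certificates as an added example (not FortiOS code or Fortinet's implementation): a host key counts as trusted only if the trusted CA signed its certificate and the key is not revoked. The CA names, host names and file names are constructed, and using `ssh-keygen` certificates and a KRL to stand in for the FortiGate's checks is an assumption.

```shell
#!/bin/sh
# Added example: "signed by the trusted CA => trusted, unless revoked",
# modelled with OpenSSH host certificates. All names below are constructed.

# SHA256 fingerprint of a public key file.
fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# SHA256 fingerprint of the CA that signed a certificate file.
signing_ca() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }

# Build two CAs, three host keys, their certificates and a KRL in directory $1.
setup() {
    d=$1
    for k in trusted_ca untrusted_ca good odd bad; do
        ssh-keygen -q -t ed25519 -N '' -C "$k" -f "$d/$k"
    done
    # -h marks a host certificate; each command writes <name>-cert.pub.
    ssh-keygen -q -s "$d/trusted_ca"   -I good -h -n good.example.test "$d/good.pub"
    ssh-keygen -q -s "$d/untrusted_ca" -I odd  -h -n odd.example.test  "$d/odd.pub"
    ssh-keygen -q -s "$d/trusted_ca"   -I bad  -h -n bad.example.test  "$d/bad.pub"
    # Revoke the "bad" host key even though the trusted CA signed it.
    ssh-keygen -q -k -f "$d/krl" "$d/bad.pub"
}

# classify <host-key.pub> <trusted-ca.pub> <krl>  ->  revoked | trusted | untrusted
classify() {
    cert="${1%.pub}-cert.pub"
    # ssh-keygen -Q exits non-zero when the key is listed in the KRL.
    if ! ssh-keygen -Q -f "$3" "$1" >/dev/null 2>&1; then
        echo revoked            # revocation overrides a trusted signature
    elif [ "$(signing_ca "$cert")" = "$(fp "$2")" ]; then
        echo trusted
    else
        echo untrusted
    fi
}

d=$(mktemp -d)
setup "$d"
for h in good odd bad; do
    printf '%s: %s\n' "$h" "$(classify "$d/$h.pub" "$d/trusted_ca.pub" "$d/krl")"
done
rm -rf "$d"
```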

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

| Command | Description |
| --- | --- |
| config firewall ssh local-ca | New config command. Define trusted/untrusted CAs for host key signing. |

config firewall ssh local-ca
    edit {name}
    # SSH proxy local CA.
        set name {string}   SSH proxy local CA name. size[35]
        set password {password_string}   Password for SSH private key. size[128]
        set private-key {string}   SSH proxy private key, encrypted with a password.
        set public-key {string}   SSH proxy public key.
        set source {built-in | user}   SSH proxy local CA source type.
                built-in  Built-in SSH proxy local keys.
                user      User imported SSH proxy local keys.
    next
end
