CLI Reference

firewall ssh local-key

Use this command to define local host key templates for trusted re-signing. They are generated automatically by default.

The system creates different types of local host keys as default re-signing templates:

  • Fortinet_SSH_RSA2048
  • Fortinet_SSH_DSA1024
  • Fortinet_SSH_ECDSA256
  • Fortinet_SSH_ECDSA384
  • Fortinet_SSH_ECDSA512
  • Fortinet_SSH_ED25519
  • Fortinet_SSH_RSA1024

Administrators can load their own local host keys and use them for MITM re-signing under config firewall ssh setting.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command                         Description
config firewall ssh local-key   New config command. Define local host key templates for trusted re-signing.

config firewall ssh local-key
    edit {name}
    # SSH proxy local keys.
        set name {string}   SSH proxy local key name. size[35]
        set password {password_string}   Password for SSH private key. size[128]
        set private-key {string}   SSH proxy private key, encrypted with a password.
        set public-key {string}   SSH proxy public key.
        set source {built-in | user}   SSH proxy local key source type.
                built-in  Built-in SSH proxy local keys.
                user      User imported SSH proxy local keys.
    next
end
