firewall ssh local-key
Use this command to define local host key templates for trusted re-signing. They are generated automatically by default.
The system creates different types of local host keys as default re-signing templates:
- Fortinet_SSH_RSA2048
- Fortinet_SSH_DSA1024
- Fortinet_SSH_ECDSA256
- Fortinet_SSH_ECDSA384
- Fortinet_SSH_ECDSA512
- Fortinet_SSH_ED25519
- Fortinet_SSH_RSA1024
Administrators can load their own local host keys and use them for MITM re-signing under config firewall ssh setting.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config firewall ssh local-key | New. Define local host key templates for trusted re-signing. |

config firewall ssh local-key
    edit {name}
    # SSH proxy local keys.
        set name {string}   SSH proxy local key name. size[35]
        set password {password_string}   Password for SSH private key. size[128]
        set private-key {string}   SSH proxy private key, encrypted with a password.
        set public-key {string}   SSH proxy public key.
        set source {built-in | user}   SSH proxy local key source type.
                built-in   Built-in SSH proxy local keys.
                user       User imported SSH proxy local keys.
    next
end
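The following Python check is an added example, not Fortinet code: it parses a local-key stanza prepared for entry and reports values that fall outside the syntax above. It assumes size[N] is a maximum length and that a user-imported key should carry password, private-key and public-key; the function names and the sample stanza are constructed for illustration.

```python
import shlex

MAX_LEN = {"name": 35, "password": 128}   # size[35] and size[128] in the syntax
SOURCES = {"built-in", "user"}            # documented values of "set source"
# Constructed sample stanza; key material is replaced by placeholders.
SAMPLE = '''
config firewall ssh local-key
    edit "corp-ed25519"
        set source user
        set password "example-passphrase"
        set private-key "-----BEGIN PLACEHOLDER-----
-----END PLACEHOLDER-----"
        set public-key "ssh-ed25519 PLACEHOLDER"
    next
    edit "a-name-well-over-the-thirty-five-char-limit"
        set source imported
    next
    edit "no-passphrase"
        set source user
        set private-key "PLACEHOLDER"
    next
end
'''

def parse_local_keys(text):  # returns {entry name: {field: value}}
    tokens = shlex.split(text)  # a quoted multi-line value stays one token
    entries, current, i = {}, None, 0
    while i < len(tokens):
        if tokens[i] == "edit" and i + 1 < len(tokens):
            current = entries.setdefault(tokens[i + 1], {})
            i += 2
        elif tokens[i] == "set" and current is not None and i + 2 < len(tokens):
            current[tokens[i + 1]] = tokens[i + 2]
            i += 3
        else:  # "config ...", "next", "end"
            i += 1
    return entries

def check(entries):  # returns (entry, problem) pairs
    out = []
    for name, f in entries.items():
        for fld, val in (("name", name), ("password", f.get("password", ""))):
            if len(val) > MAX_LEN[fld]:
                out.append((name, f"{fld} longer than {MAX_LEN[fld]}"))
        if "source" in f and f["source"] not in SOURCES:
            out.append((name, "source must be built-in or user"))
        if f.get("source") == "user":  # assumption: user keys need all three
            out += [(name, k + " missing") for k in
                    ("password", "private-key", "public-key") if k not in f]
    return out
```

Calling check(parse_local_keys(SAMPLE)) returns four findings: two for the over-long entry and two for the user key that has no password or public key.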