CLI Reference

firewall ssh setting

Use this command to configure per VDOM SSH settings.

Please note the following:

  • When a host key is trusted and signed by a CA, the SSH proxy re-signs according to the type of host key, using the trusted CA.
  • When a host key is trusted but not signed, the SSH proxy sends back a host key according to the type of host key.
  • When a host key is untrusted and signed by a CA, the SSH proxy re-signs a temporary host key (one-hour lifetime) using the untrusted CA.
  • When a host key is untrusted but not signed, the SSH proxy sends back a temporary host key (one-hour lifetime).

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command                                             Description
config firewall ssh setting (New config command.)   Configure per VDOM SSH settings.

config firewall ssh setting
    set caname {string}   CA certificate used by SSH Inspection. size[35] - datasource(s): firewall.ssh.local-ca.name
    set untrusted-caname {string}   Untrusted CA certificate used by SSH Inspection. size[35] - datasource(s): firewall.ssh.local-ca.name
    set hostkey-rsa2048 {string}   RSA certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-dsa1024 {string}   DSA certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa256 {string}   ECDSA nid256 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa384 {string}   ECDSA nid384 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa521 {string}   ECDSA nid521 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ed25519 {string}   ED25519 hostkey used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set host-trusted-checking {enable | disable}   Enable/disable host trusted checking.
end
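
The following Python example is added here and is not Fortinet code: it parses a "config firewall ssh setting" block from a configuration backup and flags settings that undermine the trusted/untrusted host key distinction described in the notes above. The object names in the sample are hypothetical, and treating a shared CA, disabled host trusted checking, and a configured DSA-1024 host key as findings is an assumed audit policy, not a Fortinet rule.

```python
import re

# Constructed sample of a FortiOS config excerpt; all object names are hypothetical.
SAMPLE_CONFIG = '''\
config firewall ssh setting
    set caname "example-ssh-ca"
    set untrusted-caname "example-ssh-ca"
    set hostkey-rsa2048 "example-rsa-key"
    set hostkey-dsa1024 "example-dsa-key"
    set host-trusted-checking disable
end
'''

def parse_ssh_setting(config_text):
    """Return the 'set' options inside 'config firewall ssh setting' as a dict."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall ssh setting":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            # Values may be quoted ("name") or bare (enable/disable).
            m = re.match(r'set\s+(\S+)\s+"?([^"]*)"?$', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings

def audit_ssh_setting(settings):
    """Return findings for settings that weaken SSH inspection (assumed policy)."""
    findings = []
    ca, untrusted = settings.get("caname"), settings.get("untrusted-caname")
    if ca and ca == untrusted:
        # Untrusted hosts are re-signed with untrusted-caname; if it equals
        # caname, clients that trust the CA also accept untrusted hosts.
        findings.append("caname and untrusted-caname are the same CA")
    if settings.get("host-trusted-checking") == "disable":
        findings.append("host-trusted-checking is disabled")
    if settings.get("hostkey-dsa1024"):
        findings.append("hostkey-dsa1024 is set: 1024-bit DSA is a weak key type")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_setting(parse_ssh_setting(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```
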
