firewall ssh setting
Use this command to configure per-VDOM SSH settings.
Please note the following:
- When a host key is trusted and signed by a CA, the SSH proxy re-signs according to the type of host key, using the trusted CA.
- When a host key is trusted but not signed, the SSH proxy sends back a host key according to the type of host key.
- When a host key is untrusted and signed by a CA, the SSH proxy re-signs a temporary host key (one-hour lifetime) using the untrusted CA.
- When a host key is untrusted but not signed, the SSH proxy sends back a temporary host key (one-hour lifetime).
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config firewall ssh setting | New. Configure per-VDOM SSH settings. |
```
config firewall ssh setting
    set caname {string}   CA certificate used by SSH Inspection. size[35] - datasource(s): firewall.ssh.local-ca.name
    set untrusted-caname {string}   Untrusted CA certificate used by SSH Inspection. size[35] - datasource(s): firewall.ssh.local-ca.name
    set hostkey-rsa2048 {string}   RSA certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-dsa1024 {string}   DSA certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa256 {string}   ECDSA nid256 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa384 {string}   ECDSA nid384 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ecdsa521 {string}   ECDSA nid384 certificate used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set hostkey-ed25519 {string}   ED25519 hostkey used by SSH proxy. size[35] - datasource(s): firewall.ssh.local-key.name
    set host-trusted-checking {enable | disable}   Enable/disable host trusted checking.
end
```
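A review check built from the options above, as an added example that is not Fortinet's code: it reads `config firewall ssh setting` blocks from a configuration backup, per VDOM, and flags explicit settings that undermine the trusted/untrusted handling described in the notes. The backup layout, the sample VDOM and certificate names, and the three review rules are assumptions of this example.

```python
# Constructed sample in the style of a FortiOS configuration backup; all names are made up.
SAMPLE = """
config vdom
edit "root"
config firewall ssh setting
    set caname "Example_SSH_CA"
    set untrusted-caname "Example_SSH_CA"
    set hostkey-dsa1024 "Example_DSA_Key"
    set host-trusted-checking disable
end
end
config vdom
edit "branch"
config firewall ssh setting
    set caname "Example_SSH_CA"
    set untrusted-caname "Example_SSH_CA_Untrusted"
end
end
"""

def parse_ssh_settings(text):
    """Return {vdom: {option: value}}; assumes 'edit <name>' directly follows 'config vdom'."""
    result, vdom, block, prev = {}, "(no vdom)", None, []
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "edit" and prev == ["config", "vdom"]:
            vdom = " ".join(words[1:]).strip('"')
        elif words == ["config", "firewall", "ssh", "setting"]:
            block = result.setdefault(vdom, {})
        elif block is not None and words[0] == "set" and len(words) >= 3:
            block[words[1]] = " ".join(words[2:]).strip('"')
        elif block is not None and words[0] == "end":
            block = None  # end of the ssh setting block
        prev = words
    return result

def audit(settings):
    """Apply this example's review rules (assumptions, not vendor guidance)."""
    findings = []
    for vdom, opts in settings.items():
        if opts.get("host-trusted-checking") == "disable":
            findings.append((vdom, "host trusted checking is disabled"))
        if opts.get("caname") and opts.get("caname") == opts.get("untrusted-caname"):
            findings.append((vdom, "untrusted hosts are re-signed by the trusted CA"))
        if "hostkey-dsa1024" in opts:
            findings.append((vdom, "1024-bit DSA host key is configured"))
    return findings

if __name__ == "__main__":
    print(*(f"{v}: {m}" for v, m in audit(parse_ssh_settings(SAMPLE))), sep="\n")
```

Only options that appear explicitly in the backup are evaluated; an option left at its default and not written to the file produces no finding.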