
Configure SSH - Basic Settings


In Firewall Analyzer, you can use SSH to communicate with your firewall and other security devices. Select Settings > General Settings > SSH Settings to open the SSH Settings page. The page has two tabs:

  1. SSH Security Settings
  2. SCP/SFTP Server

SSH Security Settings

SSH has vulnerabilities, which can be avoided by restricting the ciphers, key exchanges, and HMACs that Firewall Analyzer uses, with the following configuration:

Blocked Ciphers

  • Select All
  • aes256-gcm@openssh.com
  • aes128-gcm@openssh.com
  • chacha20-poly1305@openssh.com
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • arcfour256
  • aes256-cbc
  • 3des-cbc
  • 3des-ctr
  • aes192-cbc
  • aes128-cbc
  • blowfish-cbc
  • arcfour128
  • arcfour

All the selected ciphers are blocked when you use SSH in Firewall Analyzer.

Allowed Key Exchanges

  • Select All
  • curve25519-sha256
  • rsa2048-sha256
  • curve25519-sha256@libssh.org
  • rsa1024-sha1
  • diffie-hellman-group18-sha512
  • diffie-hellman-group17-sha512
  • diffie-hellman-group16-sha512
  • diffie-hellman-group15-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group-exchange-sha256
  • ecdh-sha2-nistp521
  • ecdh-sha2-nistp384
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1
  • ecdh-sha2-nistp256

Only the selected key exchanges are allowed when you use SSH in Firewall Analyzer.

Blocked HMACs

  • Select All
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha2-512-96
  • hmac-sha2-512
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-96
  • hmac-sha1-etm@openssh.com
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-etm@openssh.com
  • hmac-md5-96

All the selected HMACs are blocked when you use SSH in Firewall Analyzer.

Note: A server restart will be required for these settings to take effect.  
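Because ciphers and HMACs are block lists while key exchanges are an allow list, a strict selection can leave no common algorithm with an older device. The following added example (not part of the product or its documentation) checks a planned selection against a device inventory before the restart. It assumes Firewall Analyzer acts as the SSH client and offers algorithms in the order listed on this page; the device inventory, the `STRICT` selection and all function names are constructed for illustration, and host key algorithms are not modeled.

```python
# Algorithm names are taken from the lists on this page; everything else is constructed.
AEAD = {"aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
        "chacha20-poly1305@openssh.com"}
# Assumption: offer order follows the page's list order (real order is not documented).
CIPHERS = ["aes256-gcm@openssh.com", "aes256-ctr", "aes128-ctr", "aes256-cbc",
           "3des-cbc", "aes128-cbc"]
KEX = ["curve25519-sha256", "diffie-hellman-group14-sha256",
       "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
MACS = ["hmac-sha2-512", "hmac-sha2-256", "hmac-sha1", "hmac-md5"]

def first_match(client, server):
    """RFC 4253 section 7.1: first client-preferred name the server also lists."""
    return next((alg for alg in client if alg in server), None)

def check_device(device, blocked_ciphers, allowed_kex, blocked_macs):
    """Negotiated algorithm per category; None where no common algorithm remains."""
    ciphers = [c for c in CIPHERS if c not in blocked_ciphers]  # block list
    kex = [k for k in KEX if k in allowed_kex]                  # allow list
    macs = [m for m in MACS if m not in blocked_macs]           # block list
    cipher = first_match(ciphers, device["ciphers"])
    # AEAD ciphers authenticate packets themselves, so the MAC choice is ignored.
    mac = "implicit" if cipher in AEAD else first_match(macs, device["macs"])
    return {"kex": first_match(kex, device["kex"]), "cipher": cipher, "mac": mac}

def unreachable(devices, **settings):
    """Map device name -> categories that fail to negotiate under the settings."""
    report = {}
    for name, device in devices.items():
        failed = [k for k, v in check_device(device, **settings).items() if v is None]
        if failed:
            report[name] = failed
    return report

# Constructed inventory: algorithms each device's SSH server offers.
DEVICES = {
    "fw-new": {"kex": ["curve25519-sha256"],
               "ciphers": ["aes256-gcm@openssh.com"], "macs": ["hmac-sha2-256"]},
    "fw-legacy": {"kex": ["diffie-hellman-group1-sha1"],
                  "ciphers": ["3des-cbc"], "macs": ["hmac-md5", "hmac-sha1"]},
}
# Constructed selection for the three settings on the page.
STRICT = {"blocked_ciphers": {"3des-cbc", "aes128-cbc", "aes256-cbc"},
          "allowed_kex": {"curve25519-sha256", "diffie-hellman-group14-sha256"},
          "blocked_macs": {"hmac-md5", "hmac-sha1"}}

if __name__ == "__main__":
    print(unreachable(DEVICES, **STRICT))
```

A device that appears in the report needs either a firmware or SSH configuration update on the device side, or a narrower block selection, before the settings are applied.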

 

SCP/SFTP Server

Configure SCP or SFTP server settings to transfer configuration files to and from the devices securely.

  1. Enable SCP/SFTP Server
    Use the toggle switch to enable or disable the SCP/SFTP server. - Status: Not Running
  2. Bind to [Port : 22]
    Bind to all IP addresses or localhost. Choose the IP address to bind on port number 22.
  3. Server
    The SCP or SFTP server to which the Firewall Analyzer is bound.
  4. SCP/SFTP User name
    The username used to access the SCP or SFTP server.
  5. Password *
    Set the password for the SCP or SFTP server.
  6. Re-type Password*
    Re-enter the password for the SCP or SFTP server.

Click Save to save the SCP/SFTP configuration.


Note: A server restart will be required for these settings to take effect.

 
