SSH Connection Settings


Overview

SSH provides a secure method for connecting to remote systems over unsecured networks. It establishes a secure channel between the client and server, ensuring confidentiality, integrity, and authentication of data.

Utilizing cryptographic methods, SSH guarantees encrypted communication between the user and the remote server. This protocol offers authentication for remote users, facilitates the transmission of client inputs to the host, and sends the corresponding outputs back to the client in a secure manner.

How it works

Here's an overview of how SSH communication works, including the role of ciphers and algorithms:

  • Key Exchange Algorithms - Responsible for server authentication and setting up the keys used to secure the connection.
  • Encryption Algorithms - Encrypt the data to keep it confidential.
  • MAC Algorithms - Verify the integrity of the data by adding a message authentication code (MAC) to each packet.

For each of these operations, the client and the server exchange the algorithms they support. Once they find a mutually supported algorithm for each operation, the SSH connection is established.

To access the SSH Connection Settings, go to Settings → Performance Polling → SSH Connection Settings. On initialization, the system automatically selects all available ciphers, so all of them can be used for SSH communication.

Block ciphers in SSH Settings

Protect the security and integrity of your system by preventing the use of vulnerable ciphers. To disable weak ciphers, deselect the corresponding SSH ciphers, key exchanges, and HMACs as follows:

  1. Go to Settings → Performance Polling → SSH Connection Settings.
  2. Under Allowed Ciphers / Allowed Key Exchange / Allowed HMACs, deselect the ciphers to block.
  3. Click the Update button.
  4. Restart the product for the changes to take effect.

Note:
  • By default, at least one cipher must remain selected in each category: Allowed Ciphers, Allowed Key Exchange, and Allowed HMACs. Blocking all ciphers is not possible.
  • In the Enterprise Edition, SSH Connection Settings will be visible in both the EE Admin and Managed Servers.
  • If any changes are made in the Admin Server, the configuration will be synchronized to all the Managed Servers. After the synchronization, the Managed Server must be restarted. However, if there are any configuration changes made on a Managed Server, those changes won't be synchronized with the EE Admin server.
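
The negotiation described under "How it works" can be rehearsed before blocking anything, to see which polled devices would be left without a mutually supported algorithm. The following is an added example, not the product's own code: the function names are hypothetical, the algorithm lists and device names are constructed samples, and the first-match selection rule is taken from RFC 4253, section 7.1.

```python
# Added example: SSH algorithm selection per category (RFC 4253, section 7.1).
# All lists below are constructed samples, not the product's actual defaults.
CATEGORIES = ("kex", "cipher", "mac")

def negotiate(client, server):
    """Pick, per category, the first client algorithm the server also supports."""
    chosen = {}
    for cat in CATEGORIES:
        offered = set(server.get(cat, []))
        chosen[cat] = next((a for a in client.get(cat, []) if a in offered), None)
    return chosen  # None in a category means no SSH connection is possible

def apply_block(allowed, blocked):
    """Remove blocked algorithms; refuse to leave any category empty."""
    result = {}
    for cat in CATEGORIES:
        kept = [a for a in allowed[cat] if a not in blocked.get(cat, ())]
        if not kept:
            raise ValueError(f"at least one {cat} algorithm must stay selected")
        result[cat] = kept
    return result

def polling_failures(client, devices):
    """Map device name -> categories with no mutually supported algorithm."""
    failures = {}
    for name, server in devices.items():
        missing = [c for c, a in negotiate(client, server).items() if a is None]
        if missing:
            failures[name] = missing
    return failures

# Constructed sample: everything selected (assumed to be in preference order).
ALL_SELECTED = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256", "diffie-hellman-group1-sha1"],
    "cipher": ["aes256-ctr", "aes128-ctr", "3des-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1", "hmac-md5"],
}
BLOCKED = {"kex": ["diffie-hellman-group1-sha1"], "cipher": ["3des-cbc"], "mac": ["hmac-md5"]}
# Constructed sample devices: the SSH servers being polled.
DEVICES = {
    "modern-switch": {"kex": ["curve25519-sha256"], "cipher": ["aes256-ctr"], "mac": ["hmac-sha2-256"]},
    "legacy-router": {"kex": ["diffie-hellman-group1-sha1"], "cipher": ["3des-cbc", "aes128-ctr"], "mac": ["hmac-sha1"]},
}

if __name__ == "__main__":
    hardened = apply_block(ALL_SELECTED, BLOCKED)
    print("before blocking:", polling_failures(ALL_SELECTED, DEVICES))
    print("after blocking: ", polling_failures(hardened, DEVICES))
```

A device reported here supports only algorithms that have been blocked in at least one category, so SSH connections to it will fail until the device is upgraded or the block is relaxed.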