Configure SSH - Basic Settings
In Firewall Analyzer, you can use SSH to communicate with your firewall and other security devices. Select Setting > General Settings > SSH Settings. The SSH Settings page opens. The SSH Settings page has two tabs:
- SSH Security Settings
- SCP/SFTP Server
SSH Security Settings
SSH has known weaknesses in some of its algorithms, which can be avoided with the following configuration:
Blocked Ciphers
- Select All
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- chacha20-poly1305@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
- arcfour256
- aes256-cbc
- 3des-cbc
- 3des-ctr
- aes192-cbc
- aes128-cbc
- blowfish-cbc
- arcfour128
- arcfour
All the selected ciphers will be blocked when you use SSH in Firewall Analyzer.
Allowed Key Exchanges
- Select All
- curve25519-sha256
- rsa2048-sha256
- curve25519-sha256@libssh.org
- rsa1024-sha1
- diffie-hellman-group18-sha512
- diffie-hellman-group17-sha512
- diffie-hellman-group16-sha512
- diffie-hellman-group15-sha512
- diffie-hellman-group14-sha256
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha256
- ecdh-sha2-nistp521
- ecdh-sha2-nistp384
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group1-sha1
- ecdh-sha2-nistp256
Only the selected key exchanges will be allowed when you use SSH in Firewall Analyzer.
Blocked HMACs
- Select All
- hmac-sha2-512-etm@openssh.com
- hmac-sha2-512-96
- hmac-sha2-512
- hmac-sha2-256-etm@openssh.com
- hmac-sha2-256
- hmac-sha2-256-96
- hmac-sha1-etm@openssh.com
- hmac-sha1
- hmac-sha1-96
- hmac-md5
- hmac-md5-etm@openssh.com
- hmac-md5-96
All the selected HMACs will be blocked when you use SSH in Firewall Analyzer.
Note: A server restart will be required for these settings to take effect.
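The three lists above work differently: ciphers and HMACs are deny-lists (what you tick is blocked), while key exchanges are an allow-list (only what you tick is offered). The following added example, which is not Firewall Analyzer code, takes the page's own algorithm lists, applies a sample selection, and simulates which algorithms two constructed devices would negotiate using the RFC 4253 rule (first client-preferred algorithm the server also offers); the preference order, the selection, and both device lists are assumptions.

```python
"""Added example (not Firewall Analyzer code): compute what the SSH Security Settings on
this page leave enabled and what a managed device would negotiate (RFC 4253 section 7.1)."""

# Lists as shown on the settings page, in page order; "Select All" is a UI control, omitted.
PAGE_CIPHERS = ("aes256-gcm@openssh.com aes128-gcm@openssh.com chacha20-poly1305@openssh.com "
                "aes256-ctr aes192-ctr aes128-ctr arcfour256 aes256-cbc 3des-cbc 3des-ctr "
                "aes192-cbc aes128-cbc blowfish-cbc arcfour128 arcfour").split()
PAGE_KEX = ("curve25519-sha256 rsa2048-sha256 curve25519-sha256@libssh.org rsa1024-sha1 "
            "diffie-hellman-group18-sha512 diffie-hellman-group17-sha512 "
            "diffie-hellman-group16-sha512 diffie-hellman-group15-sha512 "
            "diffie-hellman-group14-sha256 diffie-hellman-group14-sha1 "
            "diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp521 ecdh-sha2-nistp384 "
            "diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 ecdh-sha2-nistp256").split()
PAGE_HMACS = ("hmac-sha2-512-etm@openssh.com hmac-sha2-512-96 hmac-sha2-512 "
              "hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha2-256-96 "
              "hmac-sha1-etm@openssh.com hmac-sha1 hmac-sha1-96 "
              "hmac-md5 hmac-md5-etm@openssh.com hmac-md5-96").split()

def effective_client_algorithms(blocked_ciphers, allowed_kex, blocked_hmacs):
    """Ciphers/HMACs are deny-lists, key exchanges an allow-list; page order is assumed as preference."""
    return {"cipher": [c for c in PAGE_CIPHERS if c not in blocked_ciphers],
            "kex": [k for k in PAGE_KEX if k in allowed_kex],
            "mac": [m for m in PAGE_HMACS if m not in blocked_hmacs]}

def negotiate(client, server):
    """First client algorithm the server also offers wins; None means the session would fail."""
    return {k: next((a for a in client[k] if a in server.get(k, ())), None) for k in client}

# A hardening selection an administrator might make on the page (assumed, not a vendor default).
SELECTION = dict(
    blocked_ciphers={"arcfour256", "aes256-cbc", "3des-cbc", "3des-ctr", "aes192-cbc",
                     "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour"},
    allowed_kex={"curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                 "diffie-hellman-group16-sha512", "diffie-hellman-group14-sha256"},
    blocked_hmacs={"hmac-sha1-96", "hmac-md5", "hmac-md5-etm@openssh.com", "hmac-md5-96"})

# Constructed KEXINIT-style algorithm lists for two hypothetical managed devices.
MODERN_DEVICE = {"cipher": ["aes128-ctr", "aes256-gcm@openssh.com"],
                 "kex": ["ecdh-sha2-nistp256", "curve25519-sha256"],
                 "mac": ["hmac-sha2-256", "hmac-sha1"]}
LEGACY_DEVICE = {"cipher": ["aes128-cbc", "3des-cbc"], "kex": ["diffie-hellman-group1-sha1"],
                 "mac": ["hmac-md5", "hmac-sha1"]}

def check_device(device, selection=SELECTION):
    """Negotiated {cipher, kex, mac} for one device under the given page selection."""
    return negotiate(effective_client_algorithms(**selection), device)

if __name__ == "__main__":
    for name, dev in (("modern", MODERN_DEVICE), ("legacy", LEGACY_DEVICE)):
        print(name, check_device(dev))  # legacy device gets None for cipher and kex
```

A None in the result is the practical check to run before applying the settings: that device will no longer be reachable over SSH from Firewall Analyzer until it is upgraded or the selection is relaxed.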
SCP/SFTP Server
Configure SCP or SFTP server settings to transfer configuration files to and from the devices securely.
- Enable SCP/SFTP Server
Use the toggle switch to enable or disable the SCP/SFTP server. The current status is shown next to it (for example, Status: Not Running).
- Bind to [Port : 22]
Bind to all IP addresses or to localhost. Choose the IP address to bind to on port 22.
- Server
The SCP or SFTP server to which the Firewall Analyzer is bound.
- SCP/SFTP User name
The username used to access the SCP or SFTP server.
- Password *
Set the password for the SCP or SFTP server.
- Re-type Password*
Re-enter the password for the SCP or SFTP server.
Click Save to save the SCP/SFTP configuration.
Note: A server restart will be required for these settings to take effect.