Configuring SSH on the Evaluated Configuration

SSH is an allowed remote management interface in the evaluated configuration. This topic describes how to configure SSH on the device.

  1. Before you begin, log in with your root account on the device running Junos OS Release 22.2R2 and edit the configuration.

Note:

The commands shown configure SSH to use all of the allowed cryptographic algorithms.

Note:

You can enter the configuration commands in any order and commit all the commands at once.

To configure SSH on the TOE:

  1. Specify the permissible SSH host-key algorithms.
    Note:

    For Common Criteria compliance, use the following host-key algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521.

  2. Disable the rsa-sha2-512 and rsa-sha2-256 host-key algorithms.
    Note:

    The set system services ssh hostkey-algorithm no-ssh-rsa command disables the rsa-sha2-512, rsa-sha2-256, and ssh-rsa host-key algorithms.
  3. Specify the SSH key-exchange algorithms.
  4. Specify all the permissible message authentication code algorithms.
  5. Specify the ciphers allowed for protocol version 2.
  6. (Optional) Specify the number of minutes or the maximum amount of data before a rekey is forced on a session. The time limit must not be set greater than one hour, and the data limit must not be set greater than one gigabyte.
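
After committing, one way to confirm the host-key restriction from steps 1 and 2 is to inspect the server's SSH_MSG_KEXINIT message and check that it offers only the three ECDSA algorithms. The following is an added example, not part of the original procedure or Juniper's tooling: it parses a KEXINIT payload as laid out in RFC 4253 section 7.1. The function names are hypothetical, and the sample payloads are constructed (their key-exchange, cipher, and MAC entries are placeholders, not the evaluated set).

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in RFC 4253 section 7.1 order.
FIELDS = ("kex", "server_host_key", "enc_c2s", "enc_s2c", "mac_c2s",
          "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Host-key algorithms this page lists for Common Criteria compliance.
ALLOWED_HOST_KEYS = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                     "ecdsa-sha2-nistp521"}

def parse_kexinit(payload: bytes) -> dict:
    """Return the name-lists of a KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"payload truncated before {name}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {name} overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def disallowed_host_keys(payload: bytes) -> list:
    """Offered host-key algorithms that are outside the allowed set."""
    offered = parse_kexinit(payload)["server_host_key"]
    return [alg for alg in offered if alg not in ALLOWED_HOST_KEYS]

def build_kexinit(host_keys: list) -> bytes:
    """Constructed sample payload; non-host-key lists are placeholders."""
    lists = [["ecdh-sha2-nistp256"], host_keys, ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved

if __name__ == "__main__":
    good = build_kexinit(["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"])
    bad = build_kexinit(["ecdsa-sha2-nistp521", "rsa-sha2-512", "ssh-rsa"])
    print("compliant sample:", disallowed_host_keys(good))
    print("non-compliant sample:", disallowed_host_keys(bad))
```

An empty result means every offered host-key algorithm is in the allowed set; any name returned is one the device still advertises and should not.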