User Guide
32-28
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 32 Distributing Administrative Tasks
Managing Secure Shell (SSH) Keys
Managing Secure Shell (SSH) Keys
Use the sshconfig command to:
• Add or delete secure shell (SSH) public User keys to the authorized_keys file of user accounts that
have been configured on the system, including the admin account. This allows authentication to user
accounts using SSH keys rather than password challenge.
• Edit the following SSH server configuration settings:
–
Public Key Authentication Algorithms
–
Cipher Algorithms
–
KEX Algorithms
–
MAC Methods
–
Minimum Server Key Size.
Note To configure Host keys, which are used when performing SCP pushes of log files from the Cisco
appliance to other host machines, use
logconfig -> hostkeyconfig. For more information, see
Chapter 38, “Logging.”
Note After using the sshconfig command, a reboot is required for changes to take effect.
Using
hostkeyconfig, you can scan for keys of remote hosts and add them to the Cisco appliance.
Related Topics
• Example: Install a New Public Key, page 32-28
• Example: Edit SSH Server Configuration, page 32-29
Example: Install a New Public Key
In the following example, a new public key is installed for the administrator account:
mail.example.com> sshconfig
Choose the operation you want to perform:
- SSHD - Edit SSH server settings.
- USERKEY - Edit SSH User Key settings
[]> userkey
Currently installed keys for admin:
Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
[]> new
Please enter the public SSH key for authorization.
Press enter on a blank line to finish.
[-paste public key for user authentication here-]
Choose the operation you want to perform: