Editing SSH configuration options

Introduction

SSH gateway provides full flexibility for configuring the SSH protocol, including compression, ciphers and key exchange.

This article gives an overview of what settings are available and where to find them.

1. NIC binding and port

Log on to the web UI as admin, then navigate to System->Interfaces->SSH. Click the Edit button next to the Default SSH interface.

The first section is Standard. The Interfaces tab is where you tell the service which network interfaces to listen on, as well as the port to use for SSH. Note that if no interfaces are included, this is equivalent to 0.0.0.0, or all interfaces.

The Protocol tab is where you can select which host keys you want to use for server identification (these keys are set up in Configuration->Host Keys).

2. Algorithms

Click on the Algorithms section. The first tab allows you to set the Compression options (from a choice of none and/or zlib) for Client->Server and Server->Client as well as the Compression Level. You can also alter the preferred order of compression using the up and down arrows.

The Ciphers tab allows you to select which ciphers you want to use and set the preferred order again, from a choice of:

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • 3des-ctr

The Macs tab lists all the available MAC hashing algorithm options. Choose from:

  • hmac-sha256
  • hmac-sha512
  • hmac-sha2-256
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96

The Key Exchange tab can be used to alter either the Diffie-Hellman or elliptic curve key exchange options. The choices here are:

  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

You can also alter settings to restart the key exchange after a defined number of packets, or by transfer limit.
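To confirm which of the algorithms from the Ciphers, Macs and Key Exchange tabs a listener really offers after a change, you can inspect the name-lists in the server's SSH_MSG_KEXINIT message. The Python below is an added example, not vendor code: it parses a KEXINIT payload as laid out in RFC 4253 section 7.1 and reports any offered name that appears in a deny-list. The WEAK set is an assumed, conservative policy, the field names are chosen for this example, and the sample payload is constructed rather than captured from a gateway.

```python
import struct

# Assumed hardening policy (not the vendor's): names from the tabs above that
# depend on MD5, SHA-1, 1024-bit DH or 3DES. Adjust to your own baseline.
WEAK = {"3des-ctr", "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
        "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
        "diffie-hellman-group-exchange-sha1"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (starting at the message-type byte) into lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip type byte and 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def weak_offers(lists: dict) -> dict:
    """Return {field: [weak names]} for each list that offers a weak name."""
    hits = {f: [a for a in names if a in WEAK] for f, names in lists.items()}
    return {f: v for f, v in hits.items() if v}

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload (used for the constructed sample)."""
    names = (",".join(lists.get(f, [])).encode("ascii") for f in FIELDS)
    body = b"".join(struct.pack(">I", len(s)) + s for s in names)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

# Constructed sample: a server offer with a few legacy options still enabled.
SAMPLE = build_kexinit({
    "kex": ["ecdh-sha2-nistp256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519"],
    "cipher_c2s": ["aes256-ctr", "3des-ctr"], "cipher_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"],
    "comp_c2s": ["none", "zlib"], "comp_s2c": ["none", "zlib"]})
if __name__ == "__main__":
    for field, names in weak_offers(parse_kexinit(SAMPLE)).items():
        print(f"{field}: {', '.join(names)}")
```

An empty result from weak_offers means every offered name passed the deny-list; any entry points to the tab where that algorithm is still selected.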


3. Connection

Click on the Connection section.
The Connection tab can be used to alter the idle timeout, keep-alives and packet length.

The Authentication tab is where you can set the banner message displayed to users, as well as the maximum authentication attempts.

4. Services

Lastly, the Services tab has settings relating to SFTP/SCP as well as Packet Forwarding options.
