| infoblox_nios:ssh [2023/03/26 21:10] – bstafford | infoblox_nios:ssh [2025/05/19 09:55] (current) – bstafford |
|---|---|
| When uploading a public key to NIOS for admin authentication, the file must be of the form | When uploading a public key to NIOS for admin authentication, the file must be of the form |
| <code>ssh-rsa AAAAB3N......x</code> | <code>ssh-rsa AAAAB3N......x</code> |
| | ===== Cipher Version ===== |
| | See [[infoblox_nios:certificates|here]] for details on resetricting ciphers and SSL/TLS types. |
| =====ssl_security_level===== | =====ssl_security_level===== |
| NIOS 9.0 introduced the [[https://docs.infoblox.com/space/nios90/154708496/set+ssl|set ssl_security_level]] command | NIOS 9.0 introduced the [[https://docs.infoblox.com/space/nios90/280790951/set+ssl_security_level|set ssl_security_level]] command |
| |
| * By default, SECLEVEL is set to 1 on upgrade to NIOS 9.0.0, and Infoblox recommends that you change SECLEVEL to 2 using the set ssl_security_level command. | * By default, SECLEVEL is set to 1 on upgrade to NIOS 9.0.0, and Infoblox recommends that you change SECLEVEL to 2 using the set ssl_security_level command. |
| <code>set ssl_security_level</code> | <code>set ssl_security_level</code> |
| <code>show ssl_security_level</code> | <code>show ssl_security_level</code> |
| | After setting the SSL security level, you will need to manually restart the Web UI. |
| | |
| | From [[https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html|OpenSSL Docs here]] |
| | |
| | * ''Level 1'' The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited. |
| | * ''Level 2'' Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled. |
| | |
| | For NIOS 9.0.4, Ubuntu 22.04 doesn't support TLS 1.0 or 1.1 when the security level is set to 1. Therefore, to support TLS 1.0 and 1.1, the default security level changes from 1 to 0. |
| | |
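
A pre-upload check for the key-file form described at the top of this page, as an added example (not Infoblox code and not part of the original page): it confirms the file is a single `ssh-rsa <base64>` line, that the base64 blob really carries an RSA key, and returns the modulus size in bits. Treating any text after the base64 field as an ignorable comment is an assumption, since the page does not say whether NIOS tolerates one; `SAMPLE` is a constructed, non-functional key.

```python
import base64
import struct


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 'string'); return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past the end of the key blob")
    return blob[offset + 4:end], end


def check_ssh_rsa_pubkey(text):
    """Validate a one-line 'ssh-rsa <base64>' key file; return the RSA modulus size in bits."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected one line; PEM and SSH2 multi-line files are not this form")
    parts = lines[0].split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("line must start with 'ssh-rsa ' followed by base64 data")
    # Assumption: anything after the base64 field is a comment and is ignored here.
    # binascii.Error from bad base64 is a ValueError subclass, so callers catch one type.
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, off = _read_field(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("algorithm inside the blob does not match the 'ssh-rsa' prefix")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes after the modulus")
    return int.from_bytes(modulus, "big").bit_length()


def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading 0x00 when the top bit is set)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


# Constructed sample, not a usable key: a 2048-bit odd number stands in for the modulus.
SAMPLE = "ssh-rsa " + base64.b64encode(
    struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << 2047) | 1)
).decode()

if __name__ == "__main__":
    print(check_ssh_rsa_pubkey(SAMPLE), "bit RSA key, prefix", SAMPLE[:15])
```

A file exported in PEM or SSH2 multi-line format fails the one-line check and needs converting to this form before upload.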