Saucepan

User Tools

Site Tools

Trace: globalprotect edl bgp lacp testing_panos technical_support_file logs user_id
paloaltonetworks:configuration:certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:configuration:certificates [2021/02/17 08:55] – [Secure SSH Encryption on Management Interface] bstaffordpaloaltonetworks:configuration:certificates [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 75: Line 75:
 After setting the cipher suite, you will need to run the following command. Or, you can type ''exit'' and then run the above command without the 'run' at the start. After setting the cipher suite, you will need to run the following command. Or, you can type ''exit'' and then run the above command without the 'run' at the start.
 <code>run set ssh service-restart mgmt</code> <code>run set ssh service-restart mgmt</code>
 +===== Test SSH NMAP =====
 +<code>nmap --script ssh2-enum-algos -sV -p 22 10.1.1.1</code>
  
-===== Official SSH Secure ===== 
-From [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN5bCAG|here]]. 
-<code>configure 
-delete deviceconfig system ssh 
-set deviceconfig system ssh ciphers mgmt aes256-ctr 
-set deviceconfig system ssh ciphers mgmt aes256-gcm 
-set deviceconfig system ssh default-hostkey mgmt key-type ECDSA 256 
-set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA key-length 256 
-set deviceconfig system ssh session-rekey mgmt interval 3600 
-set deviceconfig system ssh mac mgmt hmac-sha2-256 
-set deviceconfig system ssh mac mgmt hmac-sha2-512</code> 
  
-<code>commit</code> 
-<code>set ssh service-restart mgmt</code> 
  
 ===== Self-Signed Elliptic Curve Certificates ===== ===== Self-Signed Elliptic Curve Certificates =====
paloaltonetworks/configuration/certificates.1613552108.txt.gz · Last modified: (external edit)