
SSH

Host Keys

To enable elliptic curve host keys for Tectia Client, add the ECDSA host-key algorithms to the <hostkey-algorithms> element of your ssh-broker-config.xml, and remove any algorithms you do not wish to allow. Place the <hostkey-algorithms> element below any <kexs> element. If the <kexs> section does not exist, place the <hostkey-algorithms> element above the <authentication-methods> element.

...
</kexs>

<hostkey-algorithms>
  <hostkey-algorithm name="ecdsa-sha2-nistp256" />
  <hostkey-algorithm name="ecdsa-sha2-nistp384" />
  <hostkey-algorithm name="ecdsa-sha2-nistp521" />
  <hostkey-algorithm name="ssh-dss" />
  <hostkey-algorithm name="ssh-rsa" />
  <hostkey-algorithm name="ssh-dss-sha256@ssh.com" />
  <hostkey-algorithm name="ssh-rsa-sha256@ssh.com" />
  <hostkey-algorithm name="x509v3-sign-dss" />
  <hostkey-algorithm name="x509v3-sign-rsa" />
  <hostkey-algorithm name="x509v3-sign-dss-sha256@ssh.com" />
  <hostkey-algorithm name="x509v3-sign-rsa-sha256@ssh.com" />
</hostkey-algorithms>

<authentication-methods>
...
Note

To enable ECDSA host keys for X.509, also add the following hostkey-algorithm names: x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521.

A test connection will look like this (the -vv option was used for basic debug output, and some noise was removed from the output):

$ sshg3 -vv root@192.51.100.1 
2015-08-24 15:40:28: 6200 Broker_tcp_connect, Dst: 192.51.100.1, Dst Port: 22,  
Src Port: 49189, Local username: johnd 
2015-08-24 15:40:28: 1002 Algorithm_negotiation_success, 
"kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ecdsa-sha2-nistp256, 
cipher=crypticore128@ssh.com/crypticore128@ssh.com, 
mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, compression=none/none", 
Session-Id: 31 
2015-08-24 15:40:29: 6204 Broker_transport_connect, Dst: 192.51.100.1, 
Dst Port: 22, Remote username: root, Src Port: 49189, Local username: johnd,
Session-Id: 31 
2015-08-24 15:40:29: 1003 KEX_success, Algorithm: diffie-hellman-group1-sha1, 
Modulus: 1024 bits, Session-Id: 31, Protocol-session-Id: 
02A94DF2D6B4441C11E4E333E78E0C208728AE50
2015-08-24 15:40:29: 703 Auth_methods_available, Auth methods: 
gssapi-with-mic,password,publickey,keyboard-interactive, Session-Id: 31 
2015-08-24 15:40:29: 6303 Broker_userauth_method_failure, "publickey", 
Session-Id: 31 
 root@192.51.100.1's password:
… 
Server hostkey algorithm: ecdsa-sha2-nistp256 
Server identity: 256 bit ecdsa key
SHA-1: bd6a1d45f262db8095ee5e6a2eb1c3fac7111d00
xozek-palag-hysak-dykym-byhev-velik-piror-cibiz-pycec-culyb-bexox 
Authentication successful.
Last login: Mon Aug 24 2015 08:31:29 -0400 from 192.168.56.1 
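
A check that ties the configuration and the debug output together, as an added example (not code from this page or from Tectia): it reads the hostkey-algorithm names from a configuration fragment and the hostkey_algorithm field from the Algorithm_negotiation_success event, then reports whether the test connection negotiated an ECDSA algorithm that is in the configured list. The sample configuration, its `fragment` wrapper element and the function names are constructed for illustration; the log sample is the 1002 event shown above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; <fragment> is a placeholder wrapper, not a Tectia element.
SAMPLE_CONFIG = """<fragment>
  <hostkey-algorithms>
    <hostkey-algorithm name="ecdsa-sha2-nistp256" />
    <hostkey-algorithm name="ecdsa-sha2-nistp384" />
    <hostkey-algorithm name="ecdsa-sha2-nistp521" />
    <hostkey-algorithm name="ssh-rsa" />
  </hostkey-algorithms>
</fragment>"""

# The 1002 event from the test connection above, with the page's line wrapping.
SAMPLE_LOG = """2015-08-24 15:40:28: 1002 Algorithm_negotiation_success,
"kex_algorithm=diffie-hellman-group1-sha1, hostkey_algorithm=ecdsa-sha2-nistp256,
cipher=crypticore128@ssh.com/crypticore128@ssh.com,
mac=crypticore-mac@ssh.com/crypticore-mac@ssh.com, compression=none/none",
Session-Id: 31"""


def configured_hostkey_algorithms(config_xml):
    """Return the configured hostkey-algorithm names in document order."""
    root = ET.fromstring(config_xml)
    return [e.get("name") for e in root.iter("hostkey-algorithm")]


def negotiated(log_text):
    """Return the key=value fields of the first Algorithm_negotiation_success event."""
    flat = " ".join(log_text.split())  # undo the line wrapping of the debug output
    m = re.search(r'Algorithm_negotiation_success,\s*"([^"]*)"', flat)
    if m is None:
        raise ValueError("no Algorithm_negotiation_success event found")
    fields = (f.split("=", 1) for f in m.group(1).split(",") if "=" in f)
    return {k.strip(): v.strip() for k, v in fields}


def check(config_xml, log_text):
    """Compare the negotiated host-key algorithm with the configured list."""
    allowed = configured_hostkey_algorithms(config_xml)
    alg = negotiated(log_text).get("hostkey_algorithm")
    return {
        "negotiated": alg,
        "in_config": alg in allowed,
        # also matches the x509v3-ecdsa-sha2-* names from the note
        "is_ecdsa": alg is not None and "ecdsa-sha2-" in alg,
    }


if __name__ == "__main__":
    print(check(SAMPLE_CONFIG, SAMPLE_LOG))
```

A result with in_config false, or is_ecdsa false, means the connection did not use the host-key algorithm the configuration change was meant to enable.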
