Your browser does not allow storing cookies. We recommend enabling them.

SSH

User Keys

Add the ECDSA algorithms (remove any key sizes you do not wish to allow) to the list of auth-publickey signature-algorithms (within the <authentication-methods> element) in your ssh-server-config.xml:

<authentication-methods>
  <authentication>
    <auth-publickey require-dns-match="no" 
        signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, \
        ecdsa-sha2-nistp521,ssh-dss,ssh-rsa,ssh-dss-sha256@ssh.com, \
        ssh-rsa-sha256@ssh.com,x509v3-sign-dss,x509v3-sign-rsa, \
        x509v3-sign-dss-sha256@ssh.com,x509v3-sign-rsa-sha256@ssh.com"/>
    <auth-password />
    <auth-keyboard-interactive />
  </authentication>
</authentication-methods>
[Note]Note

To enable ECDSA keys for X.509, add also the following to the signature-algorithms list: x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521

After you have made the changes, you must stop and start the server to take the new configuration into use:

# /etc/init.d/ssh-server-g3 stop
# /etc/init.d/ssh-server-g3 start



Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps