SSH

Host Key

Enabling Elliptic Curve Host Keys

To enable ECDSA host-key algorithms for Tectia Server, do the following:

  1. Go to Connections and Encryption and select the Parameters tab. In the Encryption section's Hostkey Algorithms list, select ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521. The algorithms will be highlighted blue when enabled.

    Enabling elliptic curve host-key algorithms for Tectia Server

    Figure 2.6. Enabling elliptic curve host-key algorithms for Tectia Server

  2. Click Apply.

  3. For immediate effect, stop and start Tectia Server.

[Note]Note

To enable ECDSA keys for X.509, repeat the process above but select the algorithms named x509v3-ecdsa-sha2-*.

Creating ECDSA Host Key

  1. Go to the Identity page.

    Creating ECDSA host key

    Figure 2.7. Creating ECDSA host key

  2. In the Host Key (ECDSA) section, click Generate ECDSA Key.

  3. Click Apply.

  4. For immediate effect, stop and start Tectia Server.

[Note]Note

If you wish to use only ECDSA host keys, remove trace of any other host key location.