Add the ECDSA algorithms (remove any key sizes you do not wish to allow) to the list of `auth-publickey` `signature-algorithms` (within the `<authentication-methods>` element) in your `ssh-server-config.xml`:
```xml
<authentication-methods>
  <authentication>
    <auth-publickey require-dns-match="no"
                    signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384, \
                      ecdsa-sha2-nistp521,ssh-dss,ssh-rsa,ssh-dss-sha256@ssh.com, \
                      ssh-rsa-sha256@ssh.com,x509v3-sign-dss,x509v3-sign-rsa, \
                      x509v3-sign-dss-sha256@ssh.com,x509v3-sign-rsa-sha256@ssh.com"/>
    <auth-password />
    <auth-keyboard-interactive />
  </authentication>
</authentication-methods>
```
Note: To enable ECDSA keys for X.509, add also the following to the
After you have made the changes, you must stop and start the server for the new configuration to take effect:

```
# /etc/init.d/ssh-server-g3 stop
# /etc/init.d/ssh-server-g3 start
```
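Before the restart, the edited `signature-algorithms` attribute can be compared with the ECDSA key sizes you actually intend to allow. The following is an added example, not part of the product documentation: the helper names `publickey_algorithms` and `audit_ecdsa` are hypothetical, and the embedded configuration is a constructed sample modelled on the snippet above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet above; not a complete ssh-server-config.xml.
SAMPLE_CONFIG = """\
<authentication-methods>
  <authentication>
    <auth-publickey require-dns-match="no"
        signature-algorithms="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
                              ecdsa-sha2-nistp521,ssh-dss,ssh-rsa"/>
    <auth-password />
  </authentication>
</authentication-methods>
"""

ECDSA_PREFIX = "ecdsa-sha2-"


def publickey_algorithms(xml_text):
    """Return one algorithm list per <auth-publickey> element, in document order."""
    root = ET.fromstring(xml_text)
    lists = []
    for elem in root.iter("auth-publickey"):
        raw = elem.get("signature-algorithms", "")
        # Tolerate whitespace and documentation-style "\" line continuations.
        names = [n.strip(" \t\r\n\\") for n in raw.split(",")]
        lists.append([n for n in names if n])
    return lists


def audit_ecdsa(xml_text, allowed_curves):
    """Compare enabled ECDSA algorithms with a local policy (hypothetical helper)."""
    allowed = {ECDSA_PREFIX + c for c in allowed_curves}
    findings = []
    for algs in publickey_algorithms(xml_text):
        enabled = {a for a in algs if a.startswith(ECDSA_PREFIX)}
        findings.append({
            "missing": sorted(allowed - enabled),      # wanted but not enabled
            "unexpected": sorted(enabled - allowed),   # enabled but not wanted
        })
    return findings


if __name__ == "__main__":
    # Assumed policy for the demonstration: only P-384 and P-521 are allowed.
    for i, f in enumerate(audit_ecdsa(SAMPLE_CONFIG, ["nistp384", "nistp521"])):
        print(f"auth-publickey #{i}: {f}")
```

To check a real file, read it and pass its contents as `xml_text`; an `unexpected` entry is a key size still enabled that the policy does not allow.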