Nokia IP265 Security Guide - Page 33
4. Allow only FIPS-approved algorithms for encryption and configure the SSH protocol by entering the following commands:

    set ssh server ciphers 3des-cbc
        keepalives
        listen-addr IPv4/IPv6 address
        listen-addr2 IPv4/IPv6 address
        port
        server-key-bits 1024

5. Generate host keys for either SSHv1, SSHv2, or both by entering the following commands:

    set ssh hostkey v1 size 1024
    set ssh hostkey v2 rsa size 1024
        v2 dsa size 1024

6. Enter the Crypto Officer's authorized public key for SSHv1, SSHv2, or both with the following commands:

    add ssh authkeys v1 user name bits 1024 exponent integer modulus name comment name
        v2 rsa user name comment name
        v2 dsa user name comment name

7. For optional configuration settings, see the CLI Reference Guide for IPSO 3.9 or IPSO 4.1 as appropriate.

The module can now be managed remotely with SSH-secured management sessions. When changing the configuration, the preceding settings denoted by bold letters and numbers must not be changed.

3.1.6 Management and Monitoring

After the initial setup, the Crypto Officer can locally or remotely manage, configure, and monitor the IPSO module with the CLI, or monitor with SNMPv3 (when using IPSO 3.9; SNMP support is not included in IPSO v4.1). The Crypto Officer can manage the Check Point module with the remote management server via the Check Point SmartDashboard application. Through this server, the Crypto Officer can configure policies for the module. These policies determine how the firewall and VPN services of the module function. Screen shots from the Check Point

© Copyright 2005, 2006, 2007 Nokia    Page 33 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
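Steps 4 and 5 above pin three values (the 3des-cbc cipher, server-key-bits 1024, and 1024-bit host keys) that must not be changed afterwards. The Python check below is an added example, not part of the Nokia guide: it scans a saved list of set ssh commands for drift from those values. The transcript format (one command per line, options as name/value pairs, comma-separated cipher list) and all sample values are assumptions constructed for illustration.

```python
REQUIRED_CIPHER = "3des-cbc"  # step 4
REQUIRED_BITS = "1024"        # steps 4 and 5

# Constructed transcripts (not from the guide); port and the second cipher are made up.
COMPLIANT = """\
set ssh server ciphers 3des-cbc port 22 server-key-bits 1024
set ssh hostkey v2 rsa size 1024
set ssh hostkey v2 dsa size 1024
"""
DRIFTED = """\
set ssh server ciphers 3des-cbc,blowfish-cbc port 22
set ssh hostkey v2 rsa size 768
"""

def audit_ssh_commands(transcript):
    """Return findings where 'set ssh' lines deviate from steps 4 and 5."""
    findings, seen = [], set()
    for n, line in enumerate(transcript.splitlines(), 1):
        tok = line.split()
        if tok[:3] == ["set", "ssh", "server"]:
            # Assumption: options follow as "name value" pairs on one line.
            opts = dict(zip(tok[3::2], tok[4::2]))
            seen.update(opts)
            if "ciphers" in opts:
                # Assumption: several ciphers would be comma-separated.
                extra = [c for c in opts["ciphers"].split(",") if c != REQUIRED_CIPHER]
                if extra:
                    findings.append(f"line {n}: non-approved cipher(s): {', '.join(extra)}")
            bits = opts.get("server-key-bits")
            if bits is not None and bits != REQUIRED_BITS:
                findings.append(f"line {n}: server-key-bits {bits}, expected {REQUIRED_BITS}")
        elif tok[:3] == ["set", "ssh", "hostkey"] and "size" in tok:
            seen.add("hostkey")
            i = tok.index("size")
            kind = " ".join(tok[3:i])  # e.g. "v1" or "v2 rsa"
            size = tok[i + 1] if i + 1 < len(tok) else "<missing>"
            if size != REQUIRED_BITS:
                findings.append(f"line {n}: {kind} host key size {size}, expected {REQUIRED_BITS}")
    # A setting that never appears is also a finding: the device default is unknown here.
    for name in ("ciphers", "server-key-bits", "hostkey"):
        if name not in seen:
            findings.append(f"{name} is never set")
    return findings

if __name__ == "__main__":
    for label, text in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(label, audit_ssh_commands(text) or "no findings")
```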