Configure Ssh Access; Configure Ssh Via Cli - Cisco Firepower 4110 Preparative Procedures & Operational User Manual

Cisco Preparative Procedures & Operational User Guide

4.5.5 Configure SSH Access

The following procedure describes how to enable or disable SSH access to the Firepower chassis. SSH is
enabled by default.

4.5.5.1 Configure SSH via CLI

The following procedure describes how to enable or disable SSH access to the Firepower chassis. SSH is
enabled by default.
1) Enter system mode:
Firepower-chassis # scope system
2) Enter system services mode:
Firepower-chassis /system # scope services
3) To configure SSH access to the Firepower chassis, do one of the following:
• To allow SSH access to the Firepower chassis, enter the following command:
Firepower-chassis /system/services # enable ssh-server
• To disallow SSH access to the Firepower chassis, enter the following command:
Firepower-chassis /system/services # disable ssh-server
4) Display the SSH settings:
Firepower-chassis /system/services # show ssh-sever
5) Set the Approved algorithms only:
Firepower-chassis /system/services # set ssh-server aes128-cbc aes256-cbc
Firepower-chassis /system/services # set ssh-server mac-algorithm hmac-
sha1 hmac-sha2-256 hmac-sha2-512
Firepower-chassis /system/services # set ssh-server kex-algorithm diffie-
hellman-group14-sha1
6) Configure the SSH Rekey limit:
Firepower /system/services # set ssh-server rekey-limit volume [KB] time
[Minutes]
7) Commit the transaction to the system configuration:
Firepower /system/services # commit-buffer
© 2016 Cisco Systems, Inc. All rights reserved.