Configuring SSH profiles

Different SSH cipher configurations are necessary for system security and compatibility. N2OS provides various profiles with customized cipher parameters to meet specific requirements.

About this task

The standard profile offers the highest level of security and has been the system default since version 23.3. The legacy profile ensures compatibility with older systems and was the default configuration prior to version 23.3. The ccn profile complies with the Spanish CCN standards, while the fips profile adheres to Federal Information Processing Standards (FIPS)-approved ciphers.

Choose the profile that best suits your needs and follow the provided commands to change it.

To change the secure shell (SSH) profile, use the following commands:

Procedure

  1. Log in to the console, and enter privileged mode with the command:
    enable-me
  2. Type the following command to change the SSH profile:
    sysrc n2osssh_profile=<standard|legacy|ccn|fips>
  3. Save the configuration change:
    n2os-save
  4. Reboot the appliance to apply the new configuration:
    shutdown -r now
    To disable SSH access via password authentication, you can add the postfix -nopwd to a profile. For example:
    sysrc n2osssh_profile=<standard-nopwd|legacy-nopwd|ccn-nopwd|fips-nopwd>
    CAUTION: With this configuration, SSH access will not be possible unless the SSH key is configured in the Web user interface (UI).
    For more details about how to add SSH keys, see Add an SSH key for an admin user in the Administrator Guide.