Setting up and starting SSH

The SSH setup process involves creating host and server keys.

Considerations

You can determine the size of the host and server keys by using the following guidelines:

If you are using the SSH 1.x protocol, the size of the host and server keys can range from 384 bits to 2,048 bits.
If you are using the SSH 2.0 protocol, the size of the host and server keys can range from 768 to 2,048 bits.
As the size increases, the security increases; however, initiating a new SecureAdmin session takes longer and storage system performance might decrease.
The size of the host key must differ from the size of the server key by at least 128 bits. It does not matter which key is larger.

If you are using the SSH 1.x protocol, the host key is stored in the /etc/sshd/ssh_host_key file.

If you are using the SSH 2.0 protocol, the RSA host key is stored in the /etc/sshd/ssh_host_rsa_key file, and the DSA host key is stored in the /etc/sshd/ssh_host_dsa_key file.

Note: The setup procedure requires you to enter key sizes for the SSH 1.x and SSH 2.0 protocols, regardless of the protocol you use. For example, if you plan to use the SSH 2.0 protocol, you still must enter values for the SSH 1.x host key and server key sizes. You can accept the default value for keys that you do not use.

Steps

Enter the following command: secureadmin setup [-f] [-q] ssh
The -f option forces setup to run even if the SSH server has already been configured.

The -q option is the non-interactive mode for setting up SSH. See the na_secureadmin(1) man page for more information.
When prompted, enter a size for the host key if you are using the SSH 1.x protocol.
The default size for the host key is 768 bits.
When prompted, enter a size for the server key if you are using the SSH 1.x protocol.
The default size for the server key is 512 bits.
When prompted, enter a size for the host keys if you are using the SSH 2.0 protocol.
The default size for the host key is 768 bits.
When prompted, confirm the parameters that you specified.
SecureAdmin generates the host key in the background, and, after a minute or two, the setup program sends a syslog message announcing that SSH is set up.
After the syslog message is generated, activate the host and server keys by entering the following command: secureadmin enable {ssh1|ssh2}
Use ssh1 to enable SSH service for SSH 1.x clients or ssh2 to enable SSH service for SSH 2.0 clients.

Parent topic: Ways to manage SSH for SecureAdmin