Figure 48: SSH
• Strict Host Keycheck—Choose enable, disable, or prompt to control SSH host key checking.
• enable—The connection is rejected if the host key is not already in the FXOS known hosts file.
You must manually add hosts at the FXOS CLI using the enter ssh-host command in the
system/services scope.
• prompt—You are prompted to accept or reject the host key if it is not already stored on the chassis.
• disable—(The default) The chassis accepts the host key automatically if it was not stored before.
• Algorithms—Click Edit ( ). and select the Encryption, Key Exchange, and Mac algorithms.
• Volume Rekey Limit—Set the amount of traffic in KB allowed over the connection before FXOS
disconnects from the session.
• Time Rekey Limit—Set the minutes for how long an SSH session can be idle before FXOS disconnects
the session.
Step 9 Choose SSH Access List. You need to allow access to IP addresses or networks before you can use SSH.
Multi-Instance Mode for the Secure Firewall 3100
47
Multi-Instance Mode for the Secure Firewall 3100
Configure SSH and SSH Access List