Creating SSH client profiles

An SSH client profile defines the authentication type, credentials, and cipher suites to use for an SSH client connection.

About this task

When you use an SSH client profile with the SFTP protocol, the following guidelines apply.
  • Authentication can use a public key, a password, or both. If the configuration includes both authentication methods, public key authentication is attempted first.
  • You can specify a list of SSH cipher suites, key exchange (KEX) algorithms, and message authentication code (MAC) algorithms in preferred order. The ciphers, KEX algorithms, and MAC algorithms are used to negotiate SSH connections with the remote SSH server. When you specify no ciphers or algorithms, the default cipher suites are used. For more information, see the documentation for the following commands.

An SSH client profile is used in the following configurations.
  • SFTP poller handlers.
  • SFTP client policies in a user agent, which control the client settings for outbound SFTP connections for requests that match the URL expression.

Procedure

  1. From the search results, click SSH client profile.
  2. Click Add.
  3. In the Name field, enter the name for the configuration.
  4. Set the administrative state of the configuration.
  5. In the Username field, enter the name of the user.
  6. From the Profile usage list, select SFTP.
  7. From the User authentication list, select authentication types.
    • For public key authentication, select the key from the User private key list.
    • For password authentication, select the password alias from the Password alias list.
  8. Optional: Set the Persistent connections property to indicate whether to enable or disable persistent connections.
  9. For persistent connections, enter the idle timeout in the Persistent connection idle timeout field.
  10. Optional: Set the Strict host key checking property to indicate whether the SSH client rejects or accepts an incoming key for host authentication.
    You cannot define SSH known hosts until after you save your changes to the running configuration.
  11. Optional: From the Ciphers list, modify the list of ciphers in order of preference.
  12. Optional: From the Key exchange algorithms list, modify the list of KEX algorithms in order of preference.
  13. Optional: From the Message authentication codes list, modify the list of MAC algorithms in order of preference.
  14. When strict host key checking is enabled, click Add SSH known host to define SSH peers as SSH known hosts.
    1. In the Host field, enter the fully qualified hostname or IP address for the SSH peer.
    2. From the Type list, select the key type for the SSH peer.
    3. In the Key field, enter the host key value for the SSH peer.
    4. Click Add SSH known host, and follow the prompts.
    5. Optional: Repeat this step to define another SSH peer.
  15. Click Apply to save changes to the running configuration.
  16. Click Save to save changes to the persisted configuration.
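
Before you enter the Host, Type, and Key values in step 14, it helps to validate the host key entry and compute its fingerprint so that the fingerprint can be compared with the one the SSH peer's administrator gives you out of band. The following Python script is an added example, not part of the product documentation. It assumes the key is available as an OpenSSH-style "host keytype base64key" line and that the Key field takes the base64 value; the sample entry and the host name sftp.example.com are constructed.

```python
import base64
import hashlib
import struct

def _wire_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def parse_known_host(line: str) -> dict:
    """Split a 'host keytype base64key [comment]' line and validate the key blob."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64key")
    host, key_type, key_b64 = fields[:3]
    try:
        blob = base64.b64decode(key_b64, validate=True)
    except ValueError as exc:
        raise ValueError(f"key for {host} is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed algorithm name; it must match
    # the type that will be selected in the Type list.
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len]
    if len(embedded) != name_len or embedded.decode("ascii", "replace") != key_type:
        raise ValueError(f"declared type {key_type!r} does not match key blob")
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"host": host, "type": key_type, "key": key_b64,
            "fingerprint": fingerprint}

def constructed_sample_line() -> str:
    """Build a syntactically valid, constructed ssh-ed25519 entry (not a real host key)."""
    blob = _wire_string(b"ssh-ed25519") + _wire_string(bytes(range(32)))
    return "sftp.example.com ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    for field, value in parse_known_host(constructed_sample_line()).items():
        print(f"{field:12}{value}")
```

Enter the key only when the printed fingerprint matches the value obtained from the peer's administrator; a mismatch in type or fingerprint means the entry should not be added.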