Modifying the SSH domain client profile

Each domain has an SSH domain client profile. The SSH domain client profile defines the cipher suites. These cipher suites enable connections with an SFTP server as an SSH client when the SFTP request matches no SFTP client policy. These client policies are defined in the referenced user agent of the XML manager. Only SFTP poller handlers use the SSH domain client profile.

About this task

The ciphers, KEX algorithms, and MAC algorithms in the SSH domain client profile for SFTP connections are used only when the SFTP request matches no SFTP client policy. With an associated SFTP client policy, the ciphers, KEX algorithms, and MAC algorithms in an SSH client profile override the settings in the SSH domain client profile in the following ways.
  • When you define an SSH client profile and specify ciphers, KEX algorithms, and MAC algorithms, they override the ones in the SSH domain client profile.
  • When you define an SSH client profile and specify no ciphers, KEX algorithms, or MAC algorithms, the default ciphers are used. In other words, the ciphers, KEX algorithms, and MAC algorithms in the SSH domain client profile are not used.
You can specify a list of SSH cipher suites, KEX algorithms, and MAC algorithms in preferred order. The ciphers, KEX algorithms, and MAC algorithms are used to negotiate SSH connections with the remote SSH server. When you specify no ciphers or algorithms, the DataPower® Gateway uses its default cipher suites. For more information, see the documentation for the following commands.

Procedure

  1. In the search field, enter ssh.
  2. From the search results, click SSH domain client profile.
  3. Set the administrative state of the configuration.
  4. In the Comments field, enter a brief, descriptive summary for the configuration.
  5. Optional: From the Ciphers list, modify the list of ciphers in order of preference.
  6. Optional: From the Key exchange algorithms list, modify the list of KEX algorithms in order of preference.
  7. Optional: From the Message authentication codes list, modify the list of MAC algorithms in order of preference.
  8. Click Apply to save changes to the running configuration.
  9. Click Save to save changes to the persisted configuration.
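
After you change the lists, it helps to check which connection paths the SSH domain client profile actually governs. The following is an added example, not IBM code: it models the precedence rules from "About this task" together with SSH negotiation as defined in RFC 4253 (the first algorithm on the client's list that the server also supports is chosen). The policy names, the server list, and `DEFAULT_CIPHERS` are constructed placeholders; the gateway's real default list is not given on this page.

```python
# Added example: models the precedence rules on this page plus RFC 4253
# negotiation. Every name and list below is constructed for illustration.

# Placeholder for the gateway's built-in default list (assumption: the real
# defaults are not given on this page).
DEFAULT_CIPHERS = ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"]

def effective_list(domain_list, client_profile_list, policy_matched):
    """Return the preference-ordered list the SSH client will offer."""
    if policy_matched:
        # The SSH client profile overrides the domain profile. An empty
        # list falls back to the defaults, never to the domain profile.
        return list(client_profile_list) or list(DEFAULT_CIPHERS)
    # No SFTP client policy matched: the SSH domain client profile applies,
    # or the defaults when it specifies nothing.
    return list(domain_list) or list(DEFAULT_CIPHERS)

def negotiate(client_offer, server_offer):
    """RFC 4253 section 7.1: first client entry the server also supports."""
    return next((alg for alg in client_offer if alg in server_offer), None)

def audit(domain_list, client_profiles, server_offer, disallowed):
    """Map each connection path to a disallowed algorithm it would negotiate.

    client_profiles maps a hypothetical policy name to that policy's SSH
    client profile list; the key "(no policy match)" is the domain path.
    """
    paths = {"(no policy match)": effective_list(domain_list, [], False)}
    for name, plist in client_profiles.items():
        paths[name] = effective_list(domain_list, plist, True)
    findings = {}
    for path, offer in paths.items():
        chosen = negotiate(offer, server_offer)
        if chosen in disallowed:
            findings[path] = chosen
    return findings

# Constructed sample data.
HARDENED_DOMAIN = ["aes256-ctr", "aes128-ctr"]
CLIENT_PROFILES = {"partner-a": ["aes256-ctr"], "partner-b": []}
LEGACY_SERVER = ["3des-cbc", "aes128-cbc"]
DISALLOWED = {"aes128-cbc", "3des-cbc"}

if __name__ == "__main__":
    print(audit(HARDENED_DOMAIN, CLIENT_PROFILES, LEGACY_SERVER, DISALLOWED))
```

With this sample data only `partner-b` is reported: its SSH client profile specifies no ciphers, so the hardened domain list does not apply to it and the placeholder defaults are offered instead.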