Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiExtender 7.6.5 CLI Reference
    7.6.5
    7.6.5
    7.6.4
    7.6.2
    7.6.1
    7.6.0
    7.4.4
    7.4.1
    7.4.0
    7.2.3

    config ssh-crypto

    config ssh-crypto

    Description: Configure system SSH crpyto.

    config system ssh-crpyto
  set strong-crypto [enable | disable]
end

    Sample command:

    config system ssh-crypto
  set strong-crypto enable
  set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
  set ssh-hsk-algo ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-ed25519
  set ssh-kex-algo curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512
  set ssh-mac-algo hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
end
    Parameter Description Type Size Default
    strong-crypto Enable/disable strong encryption for SSH option - disable

    Option Description
    enable Enable strong encryption for SSH
    disable Disable strong encryption for SSH
    set ssh-enc-algo

    Set supported ciphers for ssh-enc-algo.

    		 option - aes256-ctr aes256-gcm@openssh.com

    Option Description
    aes256-ctr aes256-ctr
    aes256-gcm@openssh.com aes256-gcm@openssh.com
    set ssh-hsk-algo

    Set supported ciphers for ssh-hsk-algo.

    		 option - ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 rsa-sha2-256 rsa-sha2-512 ssh-ed25519

    Option Description
    ecdsa-sha2-nistp256 ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384 ecdsa-sha2-nistp384

    ecdsa-sha2-nistp521

    ecdsa-sha2-nistp521

    rsa-sha2-256

    rsa-sha2-256

    rsa-sha2-512

    rsa-sha2-512

    ssh-ed25519

    ssh-ed25519
    set ssh-kex-algo

    Set supported ciphers for ssh-kex-algo.

    option

    -

    		 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521

    Option Description
    curve25519-sha256@libssh.org curve25519-sha256@libssh.org
    diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha256
    diffie-hellman-group14-sha256 diffie-hellman-group14-sha256
    diffie-hellman-group16-sha512 diffie-hellman-group16-sha512
    diffie-hellman-group18-sha512 diffie-hellman-group18-sha512

    set ssh-mac-algo

    Set supported ciphers for ssh-mac-algo.

    option

    -

    hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
    Option Description
    hmac-sha2-256 hmac-sha2-256
    hmac-sha2-256-etm@openssh.com hmac-sha2-256-etm@openssh.com

    hmac-sha2-512

    hmac-sha2-512

    hmac-sha2-512-etm@openssh.com

    hmac-sha2-512-etm@openssh.com
    Previous
    Next

    config ssh-crypto

    config ssh-crypto

    Description: Configure system SSH crpyto.

    config system ssh-crpyto
  set strong-crypto [enable | disable]
end

    Sample command:

    config system ssh-crypto
  set strong-crypto enable
  set ssh-enc-algo aes256-ctr aes256-gcm@openssh.com
  set ssh-hsk-algo ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-ed25519
  set ssh-kex-algo curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512
  set ssh-mac-algo hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
end
    Parameter Description Type Size Default
    strong-crypto Enable/disable strong encryption for SSH option - disable

    Option Description
    enable Enable strong encryption for SSH
    disable Disable strong encryption for SSH
    set ssh-enc-algo

    Set supported ciphers for ssh-enc-algo.

    		 option - aes256-ctr aes256-gcm@openssh.com

    Option Description
    aes256-ctr aes256-ctr
    aes256-gcm@openssh.com aes256-gcm@openssh.com
    set ssh-hsk-algo

    Set supported ciphers for ssh-hsk-algo.

    		 option - ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 rsa-sha2-256 rsa-sha2-512 ssh-ed25519

    Option Description
    ecdsa-sha2-nistp256 ecdsa-sha2-nistp256
    ecdsa-sha2-nistp384 ecdsa-sha2-nistp384

    ecdsa-sha2-nistp521

    ecdsa-sha2-nistp521

    rsa-sha2-256

    rsa-sha2-256

    rsa-sha2-512

    rsa-sha2-512

    ssh-ed25519

    ssh-ed25519
    set ssh-kex-algo

    Set supported ciphers for ssh-kex-algo.

    option

    -

    		 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521

    Option Description
    curve25519-sha256@libssh.org curve25519-sha256@libssh.org
    diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha256
    diffie-hellman-group14-sha256 diffie-hellman-group14-sha256
    diffie-hellman-group16-sha512 diffie-hellman-group16-sha512
    diffie-hellman-group18-sha512 diffie-hellman-group18-sha512

    set ssh-mac-algo

    Set supported ciphers for ssh-mac-algo.

    option

    -

    hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com
    Option Description
    hmac-sha2-256 hmac-sha2-256
    hmac-sha2-256-etm@openssh.com hmac-sha2-256-etm@openssh.com

    hmac-sha2-512

    hmac-sha2-512

    hmac-sha2-512-etm@openssh.com

    hmac-sha2-512-etm@openssh.com
    Previous
    Next