Select SSH Known Hosts Lists for engines

To allow connections only to specific trusted servers, select SSH Known Hosts Lists in the Engine Editor.

Note: When Use Strict Known Hosts List is selected for the Server Host Key Validation option in the properties of the custom Service element for SSM SSH Proxy, you must select SSH Known Hosts Lists for the engine. If you do not select an SSH Known Hosts List, connections are not allowed to any hosts.

  For more details about the product and how to configure features, click Help or press F1.
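The strict validation described in the Note (only listed servers are allowed, and with no list selected nothing is allowed) can be reproduced outside the product to check a list before it is deployed. The following Python is an added example, not Forcepoint code. It assumes OpenSSH-style `host[,host] keytype base64key` lines and OpenSSH's SHA256 fingerprint format; the host names and keys are constructed.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Map host -> {(key type, fingerprint)} from 'host[,host] type key' lines."""
    trusted = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blanks, comments, malformed lines and @revoked/@cert-authority
        # markers, so that a revoked key is never treated as trusted.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        hosts, key_type, key_b64 = parts[:3]
        for host in hosts.split(","):
            trusted.setdefault(host, set()).add((key_type, sha256_fingerprint(key_b64)))
    return trusted


def strict_check(trusted, host, key_type, key_b64):
    """Fail closed: allow only a listed host presenting a listed key."""
    if not trusted:
        return "deny: no known hosts list selected"
    if host not in trusted:
        return "deny: host not in list"
    if (key_type, sha256_fingerprint(key_b64)) not in trusted[host]:
        return "deny: host key mismatch"
    return "allow"


def make_blob(key_type, raw):
    """Build a constructed public-key blob (length-prefixed type and key bytes)."""
    fields = [key_type.encode(), raw]
    return base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in fields)).decode()


# Constructed sample data: documentation host names and dummy key bytes.
KEY_A = make_blob("ssh-ed25519", bytes(range(32)))
KEY_B = make_blob("ssh-ed25519", bytes(32))
SAMPLE = f"# trusted servers\ndb1.example.internal,192.0.2.10 ssh-ed25519 {KEY_A}\n"

if __name__ == "__main__":
    print(strict_check(parse_known_hosts(SAMPLE), "db1.example.internal", "ssh-ed25519", KEY_B))
```

Hashed host entries never match a plain host name in this check, so they are denied rather than silently trusted.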

Steps

  1. Select Configuration.
  2. Right-click a Single Firewall or Firewall Cluster and select Edit <element type>.
  3. In the navigation pane on the left, browse to Add-Ons > Sidewinder Proxy.
  4. Next to the SSH Known Hosts Lists table, click Add.
  5. Select one or more SSH Known Hosts List elements, then click Select.
  6. Click Save.

Next steps

If the default SSH host keys do not meet your needs, or if you want to specify which host keys are used for specific SSH Proxy Services, add host keys for Sidewinder SSH Proxy.

Otherwise, add custom Service elements for Sidewinder SSH Proxy.

Engine Editor – Add-Ons – Sidewinder Proxy

Use this branch to enable and configure Sidewinder Proxies on the engine.

| Option | Definition |
|---|---|
| Enable | When selected, enables Sidewinder Proxy. |
| Sidewinder Logging Profile | The selected Sidewinder Logging Profile element for the engine. Click Select to open the Select Element dialog box, where you can select a Sidewinder Logging Profile. |
| SSH Proxy | Settings specific to the SSM SSH Proxy. |
| SSH Known Hosts Lists | The selected SSH Known Hosts List elements for the engine. |
| Add | Opens the SSH Known Hosts Lists dialog box, where you can select an SSH Known Hosts List. |
| Remove | Removes the selected element from the list. |
| Host Keys | The SSH host keys used by the firewall when it acts as the SSH server in a connection that uses the SSM SSH Proxy. |
| Key Type | Shows the signature algorithm used for the host key. |
| Key Length | Shows the length of the host key. |
| SHA256 Fingerprint | Shows the SHA256 fingerprint of the host key. |
| SSH Proxy Services | The SSH Proxy Service element with which the host key is used. Double-click the field to open the Select Element dialog box, where you can select a Service element. |
| Comment (Optional) | A comment for your own reference. |
| Add | Opens the Generate New Host Key dialog box. |
| Remove | Removes the selected host key from the list. |
| Import | Opens the Import Host Key dialog box, where you can import an existing host key. |
| Advanced Settings | Opens the Advanced Sidewinder Proxy Settings dialog box. |