Cisco Cisco Content Security Management Appliance M1070 ユーザーガイド
14-28
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 14 Logging
Fri Sep 28 22:20:08 2007 Info: PID 688: User admin commit changes:
Fri Sep 28 23:06:15 2007 Info: PID 688: User admin commit changes:
^Cexample.srv>
.
Configuring Host Keys
Use the
logconfig -> hostkeyconfig
subcommand to manage host keys for use with SSH when
pushing logs to other servers from the Cisco IronPort appliance. SSH servers must have a pair of host
keys, one private and one public. The private host key resides on the SSH server and cannot be read by
remote machines. The public host key is distributed to any client machine that needs to interact with the
SSH server.
keys, one private and one public. The private host key resides on the SSH server and cannot be read by
remote machines. The public host key is distributed to any client machine that needs to interact with the
SSH server.
Note
To manage user keys, see “Managing Secure Shell (SSH) Keys” in the Cisco IronPort AsyncOS for Email
Security Daily Management Guide.
Security Daily Management Guide.
The
hostkeyconfig
subcommand performs the following functions:
In the following example, the commands scan for host keys and add them for the host:
mail3.example.com> logconfig
Currently configured logs:
[ list of logs ]
Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> hostkeyconfig
Currently installed host keys:
1. mail3.example.com ssh-dss [ key displayed ]
Table 14-24
Managing Host Keys - List of Subcommands
Command
Description
New
Add a new key.
Edit
Modify an existing key.
Delete
Delete an existing key.
Scan
Automatically download a host key.
Print
Display a key.
Host
Display system host keys. This is the value to place in the remote system's
“known_hosts” file.
“known_hosts” file.
Fingerprint
Display system host key fingerprints.
User
Display the public key of the system account that pushes the logs to the remote
machine. This is the same key that appears when setting up an SCP push subscription.
This is the value to place in the remote system's “authorized_keys” file.
machine. This is the same key that appears when setting up an SCP push subscription.
This is the value to place in the remote system's “authorized_keys” file.