Cisco ASA 5555-X Adaptive Security Appliance Product Brochure

Cisco ASA Series General Operations CLI Configuration Guide
Chapter 33: Software and Configuration File Management
Step 2
(Optional) Disable SSH host key checking.
ssh stricthostkeycheck
Example:
ciscoasa# ssh stricthostkeycheck
ciscoasa# copy x scp://cisco@10.86.95.9/x
The authenticity of host '10.86.95.9 (10.86.95.9)' can't be established.
RSA key fingerprint is dc:2e:b3:e4:e1:b7:21:eb:24:e9:37:81:cf:bb:c3:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.86.95.9' (RSA) to the list of known hosts.
Source filename [x]? 
Address or name of remote host [10.86.95.9]? 
Destination username [cisco]? 
Destination password []? cisco123
Destination filename [x]? 
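By default, this option is enabled. When this option is enabled, you are prompted to accept or reject the host key (if it is not already stored on the ASA). When this option is disabled, the ASA accepts the host key automatically (if it was not stored before).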
Step 3
(Optional) Manually add or delete servers and their keys from the ASA database.
ssh pubkey-chain
[no] server ip_address
{key-string
key_string
exit |
key-hash {md5 | sha256} fingerprint}
Example:
ciscoasa(config)# ssh pubkey-chain
ciscoasa(config-ssh-pubkey-chain)# server 10.7.8.9
ciscoasa(config-ssh-pubkey-server)# key-string
Enter the base 64 encoded RSA public key.
End with the word "exit" on a line by itself
ciscoasa(config-ssh-pubkey-server-string)# c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87
ciscoasa(config-ssh-pubkey-server-string)# exit
ciscoasa(config-ssh-pubkey-server)# show running-config ssh pubkey-chain
ssh pubkey-chain
  server 10.7.8.9
    key-hash sha256 f1:22:49:47:b6:76:74:b2:db:26:fb:13:65:d8:99:19:e7:9e:24:46:59:be:13:7f:25:27:70:9b:0e:d2:86:12
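The ASA stores the SSH host key for each SCP server to which it connects. You can manage keys manually if desired.
For each server, you can specify the key-string (public key) or the key-hash (hash value) of the SSH host.
key_string is the Base64-encoded RSA public key of the remote peer. You can obtain the public key value from an open SSH client, that is, from the .ssh/id_rsa.pub file. After you submit the Base64-encoded public key, that key is hashed via SHA-256.
key-hash {md5 | sha256} fingerprint enters a key that is already hashed (using MD5 or SHA-256), for example a key copied from show command output.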
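An added example (not from the Cisco guide): a Python helper that derives the MD5 and SHA-256 fingerprints for key-hash from an id_rsa.pub-style line, so the value shown in the host key prompt or in show running-config ssh pubkey-chain can be compared with one obtained out of band. It assumes the ASA hashes the decoded key blob as OpenSSH does; the sample key, the cisco@scp-server comment and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH public key blob (RFC 4253)."""
    return struct.pack(">I", len(data)) + data

def make_sample_pubkey_line() -> str:
    """Constructed sample: a well-formed ssh-rsa line, not a real key."""
    modulus = b"\x00\xc5" + bytes(range(1, 256))  # 257 constructed bytes
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(modulus))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " cisco@scp-server"

def decode_pubkey(line: str) -> bytes:
    """Return the key blob from an id_rsa.pub-style line or raise ValueError."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key is not valid Base64") from exc
    if not blob.startswith(_ssh_string(b"ssh-rsa")):
        raise ValueError("blob does not carry an ssh-rsa key")
    return blob

def fingerprint(blob: bytes, algo: str) -> str:
    """Colon-separated hex digest of the blob (assumed ASA hash input)."""
    if algo not in ("md5", "sha256"):
        raise ValueError("key-hash takes md5 or sha256")
    return ":".join(f"{b:02x}" for b in hashlib.new(algo, blob).digest())

def same_fingerprint(expected: str, shown: str) -> bool:
    """Compare an out-of-band fingerprint with the one the ASA displays."""
    def norm(text: str) -> bytes:
        return text.strip().lower().replace(":", "").encode()
    return hmac.compare_digest(norm(expected), norm(shown))

def asa_pubkey_chain(server_ip: str, blob: bytes) -> str:
    """Configuration lines in the Step 3 syntax, SHA-256 hash form."""
    return "\n".join(["ssh pubkey-chain", f"  server {server_ip}",
                      f"    key-hash sha256 {fingerprint(blob, 'sha256')}"])

if __name__ == "__main__":
    print(asa_pubkey_chain("10.7.8.9", decode_pubkey(make_sample_pubkey_line())))
```

Run same_fingerprint against the fingerprint the server administrator supplies before answering yes at the host key prompt; a mismatch means the key presented is not the one expected.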