博客首页 注册 建议与交流 排行榜 加入友情链接
推荐 投诉 搜索: 帮助

大萝卜的博客

   bu.cublog.cn
关于作者   
姓名:      大萝卜
职业:      听人说,技术支持是IT业最鸡肋的职业,于是我便开始郁闷起来!
个性签名:   我以为我们同属于/30,Ping出Timed out才明白处于不同的Vlan。我尝试着用爱做为Route,并用Traceroute来验证,可是Netstat的Syn_received结果让我无比伤心。于是我选择了deny any和deny ip any any,但是我心里一直期待着Vpn那天的到来,请将我放在你的Acl之内。
Mailto:bxz1981#gmail.com

我的分类  




Authenticate a CLI administrator using SSH

Create the public-private key pair

In the SSH Secure Shell application, do the following:

  1. Go to Edit > Settings.
  2. In the tree view, select Global Settings > User Authentication > Keys.
  3. Select Generate New.
    The Key Generation wizard starts.
  4. Select Next.
  5. Select the Key Type and Key Length.
    The defaults of DSA and 2048-bit key are good choices.
  6. Select Next.
    Wait for key generation to complete.
  7. Select Next.
    Enter a name for your private key file and enter the passphrase you will use to access the private key. You must enter the passphrase identically in the two Passphrase fields. Select Next.
  8. Select Finish.
    The Upload Public Key function is not compatible with FortiGate units.
  9. From the Keys list, select your private key file and then select View.
    Notepad opens showing your public key .
  10. In the SSH Secure Shell application Settings window, select OK to close the Settings window.

The text displayed in Notepad contains your public key plus some other information. You need to copy only the key data to the FortiGate unit.

Copy the public key to the FortiGate unit

Log in to the FortiGate CLI, and do the following:

  1. Enter the following commands:
      config system admin
    edit admin
      set ssh-public-key1 "<key-type> <key-value>"
    <key-type> must be ssh-dss for a DSA key or ssh-rsa for an RSA key. For <key-value>, you must copy and paste the public key data from the Notepad window to the CLI one line at a time. Observe the following so that you copy only the key data:

    • Do not copy the ---- BEGIN SSH2 PUBLIC KEY ---- or Comment: "[2048-bit dsa,...]" lines.
    • Do not copy the ---- END SSH2 PUBLIC KEY ---- line.
    • Do not copy the end-of-line characters that appear as small rectangles in Notepad.

    The command, including the key data, appears as a single long line of text unless your CLI console application wraps the displayed text for you. Make sure that you paste each line of key data at the end of the previously pasted data. Do not forget to type the closing quotation mark before you press Enter.

  2. Enter the end command.

Your SSH Secure Shell application can now authenticate to the FortiGate unit based on SSH keys instead of using the administrator password.

 发表于: 2006-11-22,修改于: 2007-03-07 09:46 已浏览1904次,有评论0条 推荐 投诉

  网友评论

  发表评论



Copyright © 2001-2006 ChinaUnix.net All Rights Reserved

感谢所有关心和支持过ChinaUnix的朋友们
页面生成时间:0.01674

京ICP证041476号