Git/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-12-22 17:15:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Drop FortiOS 7.6 section since the majos changes actually were introduced with 7.4.4 instead.

Mathieu Simon 2024-10-02 16:58:48 +02:00
parent 48332f6ccc
commit 399b3050c3
1 changed files with 11 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
Fortinet-FortiOS.md

@ -2,9 +2,14 @@ FortiOS is an embedded operating system used on various appliances from Fortinet
SSH into an appliance running FortiOS, or use a local serial connection in order to apply these options. SSH into an appliance running FortiOS, or use a local serial connection in order to apply these options.
## FortiOS >= 7.6.0 ## FortiOS >= 7.4.0
Starting with FortiOS 7.6 some commands have moved from ``config system global`` to ``config system ssh-config``. FortiOS 7.4 releases have introduced sometimes major changes with each individual release, they are summarized into a single section referencing only the latest version but are outlined here:
* 7.4.4: Several commands have been moved from ``config system global`` to ``config system ssh-config``. Renamed command: ``set ssh-hostkey-algo`` becomes ``set ssh-hsk-algo``
* 7.4.2: ``set ssh-hostkey-algo`` changed, more configurable SSH host key algorithms became available
* 7.4.1: ``set ssh-kex-algo`` changed, more configurable KEX algorithms became available.
* 7.4.0: ``set ssh-hostkey-algo`` added, it allows configuring one or more SSH host key algorithms
``` ```
config system global config system global
@ -22,37 +27,7 @@ config system ssh-config
# These commands do change default settings # These commands do change default settings
set ssh-enc-algo chacha20-poly1305@openssh.com aes256-gcm@openssh.com set ssh-enc-algo chacha20-poly1305@openssh.com aes256-gcm@openssh.com
set ssh-hostkey-algo ssh-ed25519 set ssh-hsk-algo ssh-ed25519
set ssh-kex-algo diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 curve25519-sha256@libssh.org
set ssh-mac-algo hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com
end
```
**References:**
* The following parameters have moved from ``config-system global`` to ``config system ssh-config``: ``ssh-enc-algo``, ``ssh-hostkey-algo``, ``ssh-kex-algo`` and ``ssh-mac-algo``
* [Fortinet document library: FortiGate / FortiOS 7.6.0 CLI Reference > config system ssh-config](https://docs.fortinet.com/document/fortigate/7.6.0/cli-reference/207795941/config-system-ssh-config)
* [Fortinet document library: FortiGate / FortiOS 7.6.0 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.6.0/cli-reference/339914554/config-system-global)
## FortiOS >= 7.4.0 <= 7.6.0
FortiOS 7.4 releases have introduced changes with individual releases, they are summarized into a single section referencing the latest (known/checked) minor release:
* 7.4.2: ``set ssh-hostkey-algo`` changed, more configurable SSH host key algorithms became available
* 7.4.1: ``set ssh-kex-algo`` changed, more configurable KEX algorithms became available.
* 7.4.0: ``set ssh-hostkey-algo`` added, it allows configuring one or more SSH host key algorithms
```
config system global
# These commands shoulnd't change default settings
set admin-ssh-v1 disable
set strong-crypto enable
# These commands do change default settings
set dh-params 8192
set ssh-enc-algo chacha20-poly1305@openssh.com aes256-gcm@openssh.com
set ssh-hostkey-algo ssh-ed25519
set ssh-kex-algo diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 curve25519-sha256@libssh.org set ssh-kex-algo diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 curve25519-sha256@libssh.org
set ssh-mac-algo hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com set ssh-mac-algo hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com
@ -60,6 +35,9 @@ end
``` ```
**References:** **References:**
* [Fortinet document library: FortiGate / FortiOS 7.4.4 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.4.4/cli-reference/339914554/config-system-global) and [config system ssh-config](https://docs.fortinet.com/document/fortigate/7.4.4/cli-reference/207795941/config-system-ssh-config) :
* Commands moved from ``global`` to ``ssh-config``: ``ssh-enc-algo``, ``ssh-kex-algo`` and ``ssh-mac-algo``
* Commands moved from ``global`` to ``ssh-config`` **and** renamed: ``ssh-hostkey-algo`` became ``ssh-hsk-algo``
* [Fortinet document library: FortiGate / FortiOS 7.4.2 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/2620/config-system-global): * [Fortinet document library: FortiGate / FortiOS 7.4.2 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.4.2/cli-reference/2620/config-system-global):
* ``ssh-hostkey-algo`` allows enabling or disabling **7** HostKeyAlgorithms * ``ssh-hostkey-algo`` allows enabling or disabling **7** HostKeyAlgorithms
* [Fortinet document library: FortiGate / FortiOS 7.4.1 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.4.1/cli-reference/1620): * [Fortinet document library: FortiGate / FortiOS 7.4.1 CLI Reference > config system global](https://docs.fortinet.com/document/fortigate/7.4.1/cli-reference/1620):