Scribd
Upload
48 views3 pages

Configure An Administrator With SSH Key-Based Authentication For The CLI

The document provides a guide for configuring SSH key-based authentication for administrators accessing the Panorama CLI, emphasizing its security advantages over passwords. It outlines the steps for generating an SSH key pair, configuring the administrator account for public key authentication, and verifying access. Additionally, it mentions fallback authentication methods and the importance of securing the private key with a passphrase.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
48 views3 pages

Configure An Administrator With SSH Key-Based Authentication For The CLI

The document provides a guide for configuring SSH key-based authentication for administrators accessing the Panorama CLI, emphasizing its security advantages over passwords. It outlines the steps for generating an SSH key pair, configuring the administrator account for public key authentication, and verifying access. Additionally, it mentions fallback authentication methods and the importance of securing the private key with a passphrase.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

(/content/techdocs/en_US.

html)

Updated on Thu Oct 03 16:39:51 UTC 2024

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/11-0/panorama-admin.html)
| Set Up Panorama (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-panorama.html)
| Set Up Administrative Access to Panorama (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-panorama/set-up-
administrative-access-to-panorama.html)
| Configure Administrative Accounts and Authentication (/content/techdocs/en_US/panorama/11-0/panorama-admin/set-up-
panorama/set-up-administrative-access-to-panorama/configure-administrative-accounts-and-authentication.html)
| Configure an Administrator with SSH Key-Based Authentication for the CLI (/content/techdocs/en_US/panorama/11-0/panorama-
admin/set-up-panorama/set-up-administrative-access-to-panorama/configure-administrative-accounts-and-authentication/configure-an-
administrator-with-ssh-key-based-authentication-for-the-cli.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/11-0/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/11-
0/panorama-admin.html)
Configure an Administrator with SSH Key-Based Authentication for the CLI

Table of Contents

End-of-Life (EoL)

For administrators who use Secure Shell (SSH) to access the Panorama CLI, SSH keys provide a more secure authentication
method than passwords. SSH keys almost eliminate the risk of brute-force attacks, provide the option for two-factor
authentication (private key and passphrase), and don’t send passwords over the network. SSH keys also enable automated
scripts to access the CLI.

STEP 1 -
Use an SSH key generation tool to create an asymmetric key pair on the client system of the administrator.

The supported key formats are IETF SECSH and Open SSH. The supported algorithms are DSA (1024 bits) and
RSA (768-4096 bits).

For the commands to generate the key pair, refer to your SSH client documentation.

The public key and private key are separate files. Save both to a location that Panorama can access. For added
security, enter a passphrase to encrypt the private key. Panorama prompts the administrator for this passphrase
during login.
x
Thanks for visiting
https://docs.paloaltonetworks.com
STEP 2 - (https://docs.paloaltonetworks.com). To

Configure the administrator account to use public key authentication. improve your experience when accessing
content across our site, please add the
This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By to the allow list on your ad blocker
domain

continuing to browse this site, you acknowledge the use of cookies. Privacy statement application.
❯ Cookie Settings
A Configure a Panorama Administrator Account (/content/techdocs/en_US/panorama/11-0/panorama-
(https://www.paloaltonetworks.com/legal-notices/privacy)
admin/set-up-panorama/set-up-administrative-access-to-panorama/configure-administrative-accounts-
and-authentication/configure-a-panorama-administrator-account.html#id23798e8c-637f-4e7c-8ff8-

f1f61a88d6ce).

Configure one of two authentication methods to use as a fallback if SSH key authentication fails:

External authentication service—Select an Authentication Profile.

Local authentication—Set the Authentication Profile to None and enter a Password and Confirm
Password.

Select the Use Public Key Authentication (SSH) check box, click Import Key, Browse to the public key

you just generated, and click OK.

B Click OK to save the administrative account.

C Select Commit > Commit to Panorama and Commit your changes.

STEP 3 -
Configure the SSH client to use the private key to authenticate to Panorama.

Perform this task on the client system of the administrator. Refer to your SSH client documentation as needed
to complete this step.

STEP 4 -
Verify that the administrator can access the Panorama CLI using SSH key authentication.

A Use a browser on the client system of the administrator to go to the Panorama IP address.

B Log in to the Panorama CLI as the administrator. After entering a username, you will see the following
output (the key value is an example):

Authenticating with public key “dsa-key-20130415”

C If prompted, enter the passphrase you defined when creating the keys.

Was this information helpful?

Yes No

Previous

Configure a (/content/techdocs/en_US/panorama/11-
Next (/content/techdocs/en_US/panorama/11-
Panorama 0/panorama-admin/set-up-
0/panorama-admin/set-up-
Administrator panorama/set-up-administrative-access- Configure
panorama/set-up-administrative-access-
with to-panorama/configure-administrative- RADIUS to-panorama/configure-administrative-
Certificate- accounts-and-authentication/configure- Authentication x
accounts-and-authentication/configure-
Based a-panorama-administrator-with- for Panorama Thanks for visiting
radius-authentication-for-panorama-
https://docs.paloaltonetworks.com
Authentication certificate-based-authentication-for-the- Administrators
administrators.html)
(https://docs.paloaltonetworks.com). To
for the Web web-interface.html)
improve your experience when accessing
Interface content across our site, please add the
This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By to the allow list on your ad blocker
domain

continuing to browse this site, you acknowledge the use of cookies. Privacy statement application.

(https://www.paloaltonetworks.com/legal-notices/privacy)
Technical Documentation Co

Release Notes (/content/techdocs/en_US/release-notes.html) Abo


Search (/content/techdocs/en_US/search.html) Care
Blog (https://www.paloaltonetworks.com/blog/category/technical- Cus
documentation/) LIVE
Compatibility Matrix (/content/techdocs/en_US/compatibility- Kno
matrix.html)
OSS Listings (/content/techdocs/en_US/oss-listings.html)
Sitemap (/content/techdocs/en_US/sitemap.html)

(https://www.facebook.com/PaloAltoNetworks) (https://w
(https://www.youtube.com/channel/UCPRouchFt58TZnjoI65aelA)

(/content/techdocs/en_US.html) © 2025 Palo Alto Ne

x
Thanks for visiting
https://docs.paloaltonetworks.com
(https://docs.paloaltonetworks.com). To
improve your experience when accessing
content across our site, please add the
This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By to the allow list on your ad blocker
domain

continuing to browse this site, you acknowledge the use of cookies. Privacy statement application.

(https://www.paloaltonetworks.com/legal-notices/privacy)

You might also like