Module "CPSSH" (SSH Inspection)

R80.40 introduced SSH Deep Packet Inspection - decryption / encryption of SSH, extraction of files from SFTP/SCP, blocking of SSH port forwarding, and so on.

For more information, see the R82 Threat Prevention Administration Guide.

Syntax

Important - In addition, enable the debug flag "cpsshi" in Module "fw" (Firewall).

Flag

Description

authentication

Detailed information about authentication

binary_packet

Detailed information about packets

conn_proto

Detailed information about connections

crypto

Encryption and decryption

Note - In addition, see Module "crypto" (SSL Inspection).

dump

Dumps the connection buffer

error

General errors

info

General information

mux_auth_app

Information about authentication

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_conn_app

Information about connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_decrypt_app

Information about decryption of connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_encrypt_app

Information about encryption of connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_inf

Internal flow

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_ssh_parser_app

Currently is not used

mux_stream

Internal flow

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

probe

Information about connections

session

Internal flow

sftp_parser

Parser of SFTP / SCP connections

state_machine

Information about the module State Machine

trans_proto

Information about client and server communication

warning

General warnings