cpssh

In the R81.10.X releases, this command is available starting from the R81.10.05 version.

Description

SSH deep packet inspection was integrated as part of the Quantum Spark code alignment to R81.10.

The cpssh_config command is used to configure the feature and enable SSH deep packet inspection.

When cpssh_config is run, it sends the USR1 signal to cpsshd, and cpsshd is responsible for updating the settings in the kernel.

After the kernel is updated, each incoming connection is checked to see whether cpsshd inspection is enabled. If it is, inspection of the traffic starts.

Note - SSH DPI is disabled by default.

Syntax

In Expert mode:

cpssh_config

Example Command

[Expert@gateway1234-53]# cpssh_config
CPSSH key-conf utility. This application assings ssh public keyfiles (myname.pub) to origins.
Use: "cpssh_config -ORIGIN_TYPE -CMD ORIGIN public_key"
ORIGIN_TYPE should be server (s) or client (c)
In case you want to add a server key, the ORIGIN should be the name of the server (example my_ssh_server.com or my_ssh_server.com).
In case you want to add a client key, the ORIGIN should be the [client name]@[client host] (example admin@my_ssh_server.com).
Example usage:
"cpssh_config -s -g my_ssh_server.com -e /home/admin/serv_key.pub ":
	Assigning servers public key serv_key.pub to server host: my_ssh_server.com, the application will generate pair of RSA keys.
	(If the server host (my_ssh_server.com) already exists, the application will fail)
"cpssh_config -c -f -g admin@my_ssh_server.com -e /home/admin/client_key.pub -l /home/admin/serv_key.pub":
	Assigning client public key client_key.pub to client: admin@my_ssh_server.com, and link it to server with public key: serv_key.pub.
	The application will generate pair of RSA keys.
	(If the client (admin@my_ssh_server.com) already exists, the application will overwrite it)
"cpssh_config -s -a my_ssh_server.com -e /home/admin/serv_key.pub -i /home/admin/gwkey":
	Assigning servers public key serv_key.pub to server host: my_ssh_server.com using gateway private key gwkey.
	(If the server host (my_ssh_server.com) already exists, the application will fail)
"cpssh_config -c -f -a admin@my_ssh_server.com  -e /home/admin/client_key.pub -l /home/admin/serv_key.pub -i /home/admin/gwkey":
	Assigning client public key client_key.pub to client: admin@my_ssh_server.com, and link it to server with public key: serv_key.pub, using gateway keys gwkey.pub and gwkey.
	(If the client (admin@my_ssh_server.com) already exists, the application will overwrite it)
"cpssh_config -s -r my_ssh_server.com": Remove server with IP my_ssh_server.com
"cpssh_config -s -v my_ssh_server.com": view one server with IP: my_ssh_server.com

Config options:
"cpssh_config -q": Show available config IDs, read current configuration
"cpssh_config -w KeyExchange": Show configuration for KeyExchange
"cpssh_config -w Cipher -y aes128-cbc -u 0": Set Cipher aes128-cbc to 0 (off)
"cpssh_config -h": Show help

Short Options:
"cpssh_config ion": Enable SSH Inspection
"cpssh_config ioff": Disable SSH Inspection
"cpssh_config istatus": Show status of SSH Inspection
[Expert@gateway1234]#