Symantec 10521146 - Network Security 7120 Administration Manual page 307

Generating SSH keys
The Network Security console provides a way to generate SSH keys. Use SSH
keys when using SCP to securely transfer log files from a 7100 Series appliance
to another machine, or target host, which must support SSH and SCP. To use
SCP, you must first generate SSH keys for your account on the 7100 Series node
and install the resulting public key on the target host.
To generate SSH keys
1
Do one of the following:
On Devices, right-click the 7100 Series node object on which you wish
■
to generate SSH keys, then click Configuration > 7100 Series
Configuration > Generate SSH Keys.
On Devices, click Configuration > Node > 7100 Series Configuration >
■
Generate SSH Keys and choose a node from the pull-down list in Select
Node. Click OK.
2 If a Warning is displayed, read the message and do one of the following:
Click Yes to generate new SSH keys. This replaces any existing keys.
■
Click No to exit the process.
■
3
In Generating SSH Keys, wait while Symantec Network Security generates
the SSH keys.
4 In Public Key, read the public key filename at the top, and the instructions
for installing it on the target host.
In the instructions, <user_home_dir> is the home directory of user on the
target host who can use the public key to decrypt the transferred log files.
This user should not be root.
5 Follow the instructions to add the public key to the target host, and click
Close.
Using SCP to transfer log files
After generating and installing the SSH keys, you can configure log and
database parameters for automatic log rotation to the target host.
To configure automatic log rotation
1 Do one of the following:
On Devices, right-click the 7100 Series node object, then click
■
Configuration > Network Security Parameters.
Advanced configuration
Backing up and restoring
307