How to restart the SSH service from API

How to restart the SSH service from API

16822
Created On 02/16/23 21:12 PM - Last Modified 07/12/24 13:31 PM


Objective


  • When hardening Firewall for weak Ciphers as described here, the last step is to restart SSH Service using "set ssh service-restart mgmt"
  • If the user forgets to restart the SSH service, or the configuration is pushed by the HA peer or Panorama;  firewall SSH access is lost.
  • This article covers restarting the SSH service through API using Web access. 

Environment


  • Palo Alto Firewalls or Panorama
  • Any PAN-OS version
  • SSH Service

Procedure


 

  1. If the Firewall does not have FIPS-CC mode enabled, Use console access to the Firewall and restart the SSH service.
  2. If the FIPS-CC mode can't access the console to restart the SSH service, one can use API. 
  3. If the API key is not available, Generate the API key using steps at "Get your API Key"
  4. Once you have API you can use the following command 
https://IP/api/?key=APIKEY&type=op&cmd=<set><ssh><service-restart><mgmt></mgmt></service-restart></ssh></set>


Additional Information


​​​​​The API key lifetime can be adjusted as explained here.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGzwCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language