Cisco Defense Orchestrator

Onboard an SSH Device

At this time, CDO supports a limited set of ciphers for onboarding SSH devices. The supported ciphers are:

aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm, aes256-gcm

To determine the ciphers your server supports, log in to your SDC and run the command ssh -vv <ip_address>. Now you can successfully onboard your SSH device.
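The cipher check described above can be scripted. The following is an added example, not Cisco's own code: it reads ssh -vv debug output and prints the ciphers offered by the server that also appear in the supported list. The function names and sample debug lines are constructed for illustration; it assumes OpenSSH's debug2 output format and drops the @openssh.com suffix that OpenSSH puts on GCM cipher names before comparing.

```shell
#!/bin/sh
# Added example (not Cisco code). Supported ciphers as written on this page.
CDO_CIPHERS="aes128-ctr aes192-ctr aes256-ctr aes128-gcm aes256-gcm"

# Constructed sample of `ssh -vv` debug output (client and server proposals).
sample_debug_output() {
    cat <<'EOF'
debug2: local client KEXINIT proposal
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes128-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes128-cbc
EOF
}

# Read debug output on stdin and print the server's client-to-server ciphers,
# one per line. The client's own proposal is skipped on purpose.
server_ciphers() {
    awk '
        /peer server KEXINIT proposal/ { in_peer = 1; next }
        in_peer && /ciphers ctos:/ {
            sub(/.*ciphers ctos: */, "")
            n = split($0, c, ",")
            for (i = 1; i <= n; i++) print c[i]
            exit
        }
    '
}

# Print the server ciphers that are in CDO_CIPHERS. Assumption: a name such as
# aes256-gcm@openssh.com corresponds to "aes256-gcm" in the list above.
cdo_usable_ciphers() {
    server_ciphers | while IFS= read -r cipher; do
        base=${cipher%%@*}
        for ok in $CDO_CIPHERS; do
            if [ "$base" = "$ok" ]; then printf '%s\n' "$cipher"; fi
        done
    done
}

# Real use on the SDC: ssh -vv <ip_address> 2>&1 | cdo_usable_ciphers
sample_debug_output | cdo_usable_ciphers   # prints aes128-ctr and aes256-gcm@openssh.com
```

An empty result means the device offers none of the listed ciphers.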

Onboarding Procedure

Before you onboard your device, review Connect to Cisco Defense Orchestrator using Secure Device Connector.

To onboard a Firepower Threat Defense Device using SSH, follow this procedure: 

  1. In the navigation pane, click Devices & Services.
  2. Click the blue plus button to onboard a device.
  3. Click the Integrations tile.
  4. Give the device a name. 
  5. Click the Secure Device Connector (SDC) button and select the SDC in your network that this device will communicate with. The default SDC is displayed but you can change it by clicking the SDC name. 
  6. In the Integrations drop-down menu, select Generic SSH.
  7. Enter the device's location as either the FQDN or IPv4 address. The default SSH port is 22. 
  8. Click Go. CDO locates the device and prepares to integrate the configuration.
  9. Download the SSH fingerprint and save locally. If you've never connected to this device through SSH before, this fingerprint allows you to confirm the device. 
  10. Enter the Username and Password login credentials for the device you are onboarding. CDO cannot successfully read the existing configuration without the correct login information. 
  11. (Optional) Enter the Enable Password if you've previously configured one for this device. 
  12. (Optional) Select a Configuration Command from the drop-down menu, or enter a custom command in the textbox. This command will be used as the configuration for the device; if OOB is enabled, CDO checks for changes and you can view the current value of this in the Configuration page. Note that you can change this command once the device is successfully onboarded to CDO. 
  13. Click Connect.

Note: If the login credentials were incorrect, you will be prompted to review the connection details. Here you can re-enter the login information. If you exit the review without correcting the credentials, the device has an integration instance in the Devices & Services page but the device is not onboarded or synchronized. 

  14. (Optional) Add labels to this device. 
  15. Click Continue.
  16. The device onboards to CDO. Click Finish.
  17. Return to the Devices & Services page. After the device has been successfully onboarded, you will see that the Configuration Status is "Synced" and the Connectivity state is "Online." 

Note: Once a device is onboarded, you can change the configuration command to be executed. You can use a custom command or create a CLI macro. 

  18. (Optional) If you want, you can write a note about the device by typing it in the device's Notes page. See Device Notes for more information. 

