Backing up Security Analytics using ECDSA

Article ID: 426764

Products

Security Analytics

Issue/Introduction

Security Analytics uses secure keys to authenticate to a remote backup server, so that backups can be offloaded to a trusted external source over a Secure Shell (SSH) connection. By default, the system is configured to use RSA keys for this SSH authentication. If your organization requires ECDSA (Elliptic Curve Digital Signature Algorithm) keys for SSH instead, the steps below describe how to manually update the remote backup configuration. ECDSA is a specific type of cryptographic key algorithm used within the SSH protocol, not an alternative to SSH.

Environment

Security Analytics 8.2.x
Security Analytics 8.3.x

Resolution

The automated backup process uses a scheduled job (controlled by cron) on the appliance. This process first checks for configuration changes, then creates a compressed archive (a tarball), and finally transfers this file securely using SCP (Secure Copy Protocol) to the configured remote server.  

  1. Generate the ECDSA Key Pair: Use a standard utility (e.g., ssh-keygen) on your management machine to generate an ECDSA private/public key pair that will be used for secure authentication from the appliance to the backup server.
  2. Navigate to the appliance GUI: Settings > System. Under Automated Backup Management, enter the connection details for the preferred remote backup server.
  3. Choose "Full System" as the backup type.
  4. Click the "Generate New SSH Keys" button in the GUI. This step is necessary to create the required file paths/placeholders. This action generates placeholder RSA key files (backup_rsa and backup_rsa.pub) in the /etc/ssh directory.
  5. Access the appliance command line interface (CLI) with root privileges.
  6. Using a text editor (e.g., vi), open and edit the two key files in /etc/ssh: backup_rsa (private key) and backup_rsa.pub (public key).
  7. Delete the existing RSA key content and paste the respective ECDSA key content (generated in Step 1) into each file.
  8. Do not change the file names or permissions; only the content should be updated. Save the files.

The automated backups will now use the custom ECDSA key pair for secure authentication with the remote server.
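
One way to confirm the result of steps 6 to 8 from the appliance CLI, as an added example that is not part of the vendor article: it checks that the two files hold a single matching ECDSA pair. The function names are hypothetical, and it assumes OpenSSH `ssh-keygen` is available on the appliance and that the private key has no passphrase.

```shell
#!/bin/sh
# Added example (not vendor code). File names and /etc/ssh are from the article;
# the function names are hypothetical. Assumes OpenSSH ssh-keygen is on PATH and
# the private key has no passphrase (the backup job runs unattended from cron).

# Print "algorithm base64-blob" from an OpenSSH public key line, dropping the comment.
pubkey_core() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Return 0 only if DIR/backup_rsa and DIR/backup_rsa.pub hold one matching ECDSA pair.
check_backup_keys() {
    dir=${1:-/etc/ssh}
    priv="$dir/backup_rsa"
    pub="$dir/backup_rsa.pub"
    if [ ! -r "$priv" ] || [ ! -r "$pub" ]; then
        echo "FAIL: $priv or $pub is missing or unreadable"; return 1
    fi

    stored=$(pubkey_core "$pub")
    case "${stored%% *}" in
        ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "FAIL: $pub holds '${stored%% *}', not an ECDSA key"; return 1 ;;
    esac

    # Re-derive the public key from the private file. A truncated paste, a
    # passphrase, or permissions that are too open all leave this empty.
    # -P '' supplies an empty passphrase so ssh-keygen never prompts.
    derived=$(ssh-keygen -y -P '' -f "$priv" </dev/null 2>/dev/null | pubkey_core -)
    if [ -z "$derived" ]; then
        echo "FAIL: ssh-keygen could not load $priv"; return 1
    fi
    if [ "$derived" != "$stored" ]; then
        echo "FAIL: $pub does not belong to $priv"; return 1
    fi

    # Fingerprint to compare with the key installed on the backup server.
    echo "OK: $(ssh-keygen -l -f "$pub")"
}

# Runs only when a directory is given, e.g.: sh check_backup_keys.sh /etc/ssh
if [ $# -gt 0 ]; then check_backup_keys "$1"; fi
```

A FAIL that names `ssh-rsa` after a previously successful check indicates the "Generate New SSH Keys" button was clicked again and the placeholder RSA keys are back in place.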

Important Note: Re-clicking the "Generate New SSH Keys" button in the GUI will overwrite the custom ECDSA keys with new RSA keys, requiring you to repeat the manual key replacement process.

Additional Information

More information about the backup and restore feature can be found here:  Backup and Restore