Configuration Guide Vol. 1


11.2.4 Changing the Encryption Algorithm Settings for SSHv2 Servers

SSHv2 security features use key exchange, encryption, and message authentication in addition to host and user authentication. The Switch's SSHv2 servers support several algorithms for key exchange, encryption, and message authentication.

Points to note

Select the algorithms to be used from among the supported algorithms.

Command examples

  1. (config)# ip ssh key-exchange ecdh-sha2-nistp256 diffie-hellman-group14-sha256

    Configure SSHv2 servers to use only ecdh-sha2-nistp256 and diffie-hellman-group14-sha256 as key exchange algorithms.

  2. (config)# ip ssh ciphers aes128-gcm@openssh.com aes128-ctr

    Configure SSHv2 servers to use only aes128-gcm@openssh.com (authenticated encryption) and aes128-ctr (symmetric encryption) as encryption algorithms.

  3. (config)# ip ssh macs hmac-sha2-256 hmac-sha1

    Configure SSHv2 servers to use only hmac-sha2-256 and hmac-sha1 as message-authentication code algorithms.
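One way to confirm from an administration host that the settings took effect is to inspect the SSH_MSG_KEXINIT message the server sends and check that it advertises nothing outside the three configured lists. The following is an added example, not part of this guide or the Switch's software; it assumes the KEXINIT payload has already been captured with the packet framing removed, and the function names and the sample payload are hypothetical.

```python
# Allow-lists copied from the three command examples above.
ALLOWED = {
    "kex": {"ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"},
    "cipher": {"aes128-gcm@openssh.com", "aes128-ctr"},
    "mac": {"hmac-sha2-256", "hmac-sha1"},
}
# KEXINIT name-lists in wire order (RFC 4253, 7.1) with the allow-list for each.
FIELDS = [("kex_algorithms", "kex"), ("server_host_key_algorithms", None),
          ("encryption_c2s", "cipher"), ("encryption_s2c", "cipher"),
          ("mac_c2s", "mac"), ("mac_s2c", "mac"),
          ("compression_c2s", None), ("compression_s2c", None),
          ("languages_c2s", None), ("languages_s2c", None)]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of a KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the 1-byte message type and 16-byte cookie
    for name, _ in FIELDS:
        length = int.from_bytes(payload[pos:pos + 4], "big")
        end = pos + 4 + length
        if pos + 4 > len(payload) or end > len(payload):
            raise ValueError(f"truncated name-list: {name}")
        text = payload[pos + 4:end].decode("ascii")
        lists[name] = text.split(",") if text else []
        pos = end
    return lists

def audit(payload: bytes) -> dict:
    """Return {field: [algorithms offered outside the configured list]}."""
    lists, findings = parse_kexinit(payload), {}
    for name, group in FIELDS:
        extra = [a for a in lists[name] if group and a not in ALLOWED[group]]
        if extra:
            findings[name] = extra
    return findings

def build_kexinit(values: dict) -> bytes:
    """Build a constructed sample payload (zero cookie) for offline checks."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name, _ in FIELDS:
        item = ",".join(values.get(name, [])).encode("ascii")
        body += len(item).to_bytes(4, "big") + item
    return body + bytes(5)  # first_kex_packet_follows = 0, reserved uint32 = 0

# Constructed sample: the server-to-client cipher list still offers aes256-ctr.
SAMPLE = build_kexinit({"kex_algorithms": ["ecdh-sha2-nistp256"],
                        "encryption_s2c": ["aes128-ctr", "aes256-ctr"]})
print(audit(SAMPLE))
```

An empty result from `audit` means every key exchange, cipher and MAC entry the server advertised is in the configured lists; host key and compression lists are parsed but not checked because the commands above do not set them.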