11.2.4 Changing the Encryption Algorithm Settings for SSHv2 Servers
SSHv2 security features use key exchange, encryption, and messaging authentication in addition to host and user authentication. The Switch's SSHv2 servers support several algorithms for key exchange, encryption, and messaging.
- Points to note
-
Set the algorithm to be used from multiple supported algorithms.
Command examples
-
(config)# ip ssh key-exchange ecdh-sha2-nistp256 diffie-hellman-group14-sha256
Configure SSHv2 servers to use only ecdh-sha2-nistp256 and diffie-hellman-group14-sha256 as key exchange algorithms.
-
(config)# ip ssh ciphers aes128-gcm@openssh.com aes128-ctr
Configure the encryption algorithm for SSHv2 servers to use only an authenticated encryption aes128-gcm@openssh.com and a symmetric encryption aes128-ctr.
-
(config)# ip ssh macs hmac-sha2-256 hmac-sha1
Configure SSHv2 servers to use only hmac-sha2-256 and hmac-sha1 as message-authentication code algorithms.