C613-50631-01 Rev A Command Reference for IE340 Series 3357
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
SECURE SHELL (SSH) COMMANDS
SSH
SERVER SECURE-KEX
ssh server secure-kex
Overview Use this command to force the SSH server to only use key exchange algorithms
that are currently considered best-practice.
For example, using this command stops the device from using the
diffie-hellman-group-exchange-sha1 key exchange algorithm.
Use the no variant of this command to stop forcing the SSH server to use this
restricted set of key-exchange algorithms.
Syntax
ssh server secure-kex [exclude-nist-curves]
no ssh server secure-kex
Default Disabled.
Mode Global Configuration
Usage notes To see the list of key exchange algorithms, use the show ssh server command.
This command is not available in Secure Mode because Secure Mode already
forces the device to use only FIPS-approved algorithms.
Example To force the SSH server to use best-practice key-exchange algorithms, use the
commands:
awplus# configure terminal
awplus(config)# ssh server secure-kex
Related
commands
show ssh server
ssh server
ssh server secure-algs
ssh server secure-ciphers
ssh server secure-hostkey
ssh server secure-mac
Command
changes
Version 5.5.2-2.1: exclude-nist-curves parameter added
Version 5.5.0-2.3: command added
Parameter Description
exclude-nist-curves Also exclude all NIST key exchange algorithms.
Using this parameter may reduce compatibility with
older SSH clients.
To Next Page
Loading...
