Specifying SSH Encryption Ciphers
The SSH Configuration mode ciphers CLI command configures the cipher priority list in sshd for SSH
symmetric encryption. It changes the cipher options for that context.
Step 1
Enter the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
Step 2
Specify the desired encryption algorithms.
[local]host_name(config-sshd)# ciphers algorithms
Notes:
•
algorithms is a string of 1 through 511 alphanumeric characters that specifies the algorithm(s) to be used as a single
string of comma-separated variables (no spaces) in priority order (left to right) from those shown below:
• blowfish-cbc – symmetric-key block cipher, Cipher Block Chaining, (CBC)
• 3des-cbc – Triple Data Encryption Standard, CBC
• aes128-cbc – Advanced Encryption Standard (AES), 128-bit key size, CBC
• aes128-ctr – AES, 128-bit key size, Counter-mode encryption (CTR)
• aes192-ctr – AES, 192-bit key size, CTR
• aes256-ctr – AES, 256-bit key size, CTR
• aes128-gcm@openssh.com – AES, 128-bit key size, Galois Counter Mode [GCM], OpenSSH
• aes256-gcm@openssh.com – AES, 256-bit key size, GCM, OpenSSH
• chacha20-poly1305@openssh.com – ChaCha20 symmetric cipher, Poly1305 cryptographic Message
Authentication Code [MAC], OpenSSH
The default string for algorithms in a Normal build is:
blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,
chacha20-poly1305@openssh.com
The default string for algorithms in a Trusted build is:
aes256-ctr,aes192-ctr,aes128-ctr
Step 3
Exit the SSH Configuration mode.
[local]host_name(config-sshd)# end
[local]host_name#
ASR 5500 System Administration Guide, StarOS Release 21.4
31
Getting Started
SSH Host Keys
To Next Page
Loading...
General
