267
• sha1: Specifies the HMAC algorithm hmac-sha1.
• sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange
in non-FIPS mode and is dh-group14 in FIPS mode. Algorithm dh-group14 features stronger security but
costs more time in calculation than dh-group1
• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
publickey keyname: Specifies the server by its host public key, which is used to authenticate the server.
The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IP address or source interface to connect to the server. By default, the device
automatically selects the source IP address from the routing table. To avoid the communication failure
between the client and the server due to interface faults, use the specified Loopback interface as the
source interface, and either IP address of the two interfaces as the source IP address.
interface interface-type interface-number: Specifies a source interface. The interface-type
interface-number argument specifies a source interface by its type and number. The IPv6 address of this
interface is the source IP address to send packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
When the server adopts publickey authentication to authenticate a client, the client must get the local
private key for digital signature. Because publickey authentication uses either RSA or DSA algorithm, you
must specify a public key algorithm (by using the identity-key keyword) in order to get the correct data
for the local private key.
Examples
# Establish a connection to the IPv6 Stelnet server (2000::1) and specify the public key of the server as
svkey. The SSH client uses publickey authentication. Use the following algorithms:
• The preferred key exchange algorithm is dh-group14.
• The preferred server-to-client encryption algorithm is aes128.
• The preferred client-to-server HMAC algorithm is sha1.
• The preferred server-to-client HMAC algorithm is sha1-96.
• The preferred compression algorithm between the server and client is zlib.
<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group14 prefer-stoc-cipher aes128
prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey
To Next Page
Loading...
Need help?
General
