353
• In FIPS mode:
ssh2
{ aes128-cbc | aes256-cbc |
aes128-ctr | aes192-ctr |
aes256-ctr | aes128-gcm |
aes256-gcm } *
descending order of priority for
algorithm negotiation.
Specifying MAC algorithms for SSH2
1. Enter system view.
system-view
N/A
2.
Specify MAC algorithms for
SSH2.
• In non-FIPS mode:
ssh2 algorithm mac { md5 |
md5-96 | sha1 | sha1-96 |
sha2-256 | sha2-512 } *
• In FIPS mode:
ssh2 algorithm mac { sha1
| sha1-96 | sha2-256 |
}
*
By default, SSH2 uses the MAC
algorithms
sha2-256
,
sha2-512
,
sha1
,
md5
,
sha1-96
, and
md5-96
in descending order of priority for
algorithm negotiation.
Displaying and maintaining SSH
Execute display commands in any view.
Display the source IP address configured for
the SFTP client.
display sftp client source
Display the source IP address configured for
the Stelnet client.
display ssh client source
Display SSH server status or sessions.
{
|
}
Display SSH user information on the SSH
server.
display ssh user-information
[ username ]
Display the public keys of the local key pairs.
display public-key local
{
dsa
|
ecdsa
|
rsa
}
public
[
name
publickey-name ]
Display the public keys of the SSH peers.
[
|
publickey-name ]
Stelnet configuration examples
Devices in the configuration examples are in non-FIPS mode.
When you configure Stelnet on a device that operates in FIPS mode, follow these restrictions and
guidelines:
• The modulus length of RSA key pairs must be 2048 bits.
• When the device acts as the Stelnet server, it supports only ECDSA and RSA key pairs. If both
ECDSA and RSA key pairs exist on the server, the server uses the ECDSA key pair.
To Next Page
Loading...
Need help?
General