143
Random number generator (RNG).
GCM.
GMAC.
New feature: SSH support for Suite B
Configuring SSH based on Suite B algorithms
Suite B contains a set of encryption and authentication algorithms that meet high security
requirements. Table 2 lists all algorithms in Suite B.
The SSH server and client support using the X.509v3 certificate for identity authentication in
compliance with the algorithm, negotiation, and authentication specifications defined in RFC 6239.
Table 2 Suite B algorithms
Security
Key exchange
Encryption algorithm
Public key algorithm
128-bit ecdh-sha2-nistp256 AEAD_AES_128_GCM
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
192-bit ecdh-sha2-nistp384 AEAD_AES_256_GCM x509v3-ecdsa-sha2-nistp384
Both
ecdh-sha2-nistp256
ecdh-sha2-nistp384
AEAD_AES_128_GCM
AEAD_AES_256_GCM
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
Specifying a PKI domain for the SSH server
The PKI domain specified for the SSH server has the following functions:
The SSH server uses the PKI domain to send its certificate to the client in the key exchange
stage.
The SSH server uses the PKI domain to authenticate the client's certificate if no PKI domain is
specified for the client authentication by using the ssh user command.
To specify a PKI domain for the SSH server:
1. Enter system view.
system-view
N/A
2. Specify a PKI domain for the
SSH server.
ssh server pki-domain
domain-name
By default, no PKI domain is
specified for the SSH server.
To Next Page
Loading...
