Juniper SYSTEM BASICS - CONFIGURATION GUIDE V 11.1.X

640 pages
client documentation for details on configuring encryption on your client. The system
supports the following SSH algorithms for encryption:
3des-cbc: A triple DES block cipher with 8-byte blocks and 24 bytes of key data.
The first 8 bytes of the key data are used for the first encryption, the next 8 bytes
for the decryption, and the following 8 bytes for the final encryption.
blowfish-cbc: A block cipher with 8-byte blocks and 128-bit keys that provides
strong encryption and is faster than DES.
twofish-cbc: A block cipher with 16-byte blocks and 256-bit keys that is stronger
and faster than Blowfish encryption.
Although it is not recommended, you can also specify none. In this case, the system
does not perform encryption.
ip ssh crypto
Use to add an encryption algorithm to the specified support list for the SSH
server.
Example 1: This example adds the blowfish-cbc algorithm to the list of supported
inbound algorithms.
host1(config)#ip ssh crypto client-to-server blowfish-cbc
Example 2: This example removes the 3des-cbc algorithm from the list of
supported outbound algorithms.
host1(config)#ip ssh crypto server-to-client no 3des-cbc
The default version restores the specified list to the factory default, which includes
all supported algorithms (3des-cbc, twofish-cbc, and blowfish-cbc). The default
list does not include the none option.
Example
host1(config)#ip ssh crypto server-to-client default 3des-cbc
If you do not specify a direction (client-to-server or server-to-client), the command
applies the algorithm to both inbound and outbound lists.
Use the no version to remove or exclude an algorithm from the specified list.
See ip ssh crypto.
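The following Python sketch is an added example, not part of the Juniper guide: it replays a sequence of ip ssh crypto commands and reports the resulting algorithm list for each direction, flagging any list that permits none. The function names and sample input are hypothetical; it assumes that default resets the whole specified list, as the text above states, and that the no and default keywords may appear before or after the direction.

```python
# Added example: replays `ip ssh crypto` lines using the list semantics on this page.
FACTORY_DEFAULT = ("3des-cbc", "twofish-cbc", "blowfish-cbc")  # per the page; no "none"
DIRECTIONS = ("client-to-server", "server-to-client")
KNOWN = set(FACTORY_DEFAULT) | {"none"}

def effective_lists(config_lines):
    """Return {direction: [algorithms]} after applying each command in order."""
    lists = {d: list(FACTORY_DEFAULT) for d in DIRECTIONS}
    for raw in config_lines:
        line = raw.rsplit("#", 1)[-1]              # drop a "host1(config)#" prompt
        if "ip ssh crypto" not in line:
            continue
        head, tail = line.split("ip ssh crypto", 1)
        words = head.split() + tail.split()
        # No direction given: the command applies to both lists.
        targets = [d for d in DIRECTIONS if d in words] or list(DIRECTIONS)
        algs = [w for w in words if w in KNOWN]
        for d in targets:
            if "default" in words:                 # assumption: resets the whole list
                lists[d] = list(FACTORY_DEFAULT)
            elif "no" in words:                    # remove or exclude an algorithm
                lists[d] = [a for a in lists[d] if a not in algs]
            else:                                  # add to the support list
                lists[d] += [a for a in algs if a not in lists[d]]
    return lists

def findings(lists):
    """Flag directions that allow unencrypted sessions or have no cipher left."""
    out = []
    for d, algs in lists.items():
        if "none" in algs:
            out.append(f"{d}: 'none' is allowed, sessions may run unencrypted")
        if not [a for a in algs if a != "none"]:
            out.append(f"{d}: no encryption algorithm remains in the list")
    return out

# Constructed sample input, not taken from a real router.
SAMPLE = [
    "host1(config)#ip ssh crypto server-to-client no 3des-cbc",
    "host1(config)#ip ssh crypto client-to-server none",
    "host1(config)#ip ssh crypto no blowfish-cbc",
]

if __name__ == "__main__":
    result = effective_lists(SAMPLE)
    for direction in DIRECTIONS:
        print(direction, result[direction])
    for finding in findings(result):
        print("FINDING:", finding)
```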
Configuring User Authentication
The router supports RADIUS and TACACS+ for user authentication. RADIUS
authentication is enabled by default. You must have previously configured a RADIUS
or a TACACS+ server on a host system and its respective client (RADIUS or
TACACS+) on your system.
You can specify timeout and retry limits to control the SSH connection process. The
limits apply only from the time the user first tries to connect until the user has been
440 Secure System Administration with SSH
JUNOSe 11.1.x System Basics Configuration Guide
