Security
58
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
3.9.8 Configuring SSH
Use the ssh command to configure the SSH server as SSH1, SSH2, or both. The
default is SSH2. The version should only be changed when the SSH server is
disabled. This setting cannot be changed while the SSH server is running.
CLI Syntax: config>system>security
                ssh
                    preserve-key
                    no server-shutdown
                    version ssh-version
Example:    config>system>security# ssh
            config>system>security>ssh# preserve-key
            config>system>security>ssh# version 1-2
The following example displays the SSH server configuration as both SSH1 and
SSH2 using a host-key:
A:ALU-1>config>system>security>ssh# info
----------------------------------------------
preserve-key
version 1-2
----------------------------------------------
A:ALU-1>config>system>security>ssh#
3.9.9 Configuring SSH Ciphers
Use the ssh command to configure SSH1 or SSH2 cipher lists. Client ciphers are
used if the 7705 SAR is acting as an SSH client, and server ciphers are used if
the 7705 SAR is acting as an SSH server.
CLI Syntax: config>system>security
                ssh
                    client-cipher-list protocol-version version
                        cipher index name cipher-name
                    server-cipher-list protocol-version version
                        cipher index name cipher-name
Note: If a 7705 SAR node is running in FIPS-140-2 mode:
• SSH1 is not supported
• for SSH2, the following ciphers are not available: blowfish-cbc, cast128-cbc, arcfour,
and rijndael-cbc
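
One way to check a saved ssh context against the FIPS-140-2 note above before enabling FIPS mode. This is an added example, not part of the guide or of any Nokia tool. The function name, the layout of the sample configuration, the index values, the cipher names other than the four in the note, and the version value "1" for SSH1 only are assumptions.

```python
import re

# Ciphers the note lists as unavailable for SSH2 in FIPS-140-2 mode.
FIPS_UNAVAILABLE_SSH2 = {"blowfish-cbc", "cast128-cbc", "arcfour", "rijndael-cbc"}

# Constructed sample that follows the CLI syntax shown on this page; the exact
# layout of cipher lists in "info" output is an assumption.
SAMPLE_CONFIG = """\
preserve-key
version 1-2
server-cipher-list protocol-version 2
    cipher 10 name aes256-cbc
    cipher 20 name blowfish-cbc
client-cipher-list protocol-version 1
    cipher 10 name 3des
client-cipher-list protocol-version 2
    cipher 10 name "arcfour"
"""

VERSION_RE = re.compile(r"^version\s+(\S+)$")
LIST_RE = re.compile(r"^(client|server)-cipher-list\s+protocol-version\s+(\d)$")
CIPHER_RE = re.compile(r'^cipher\s+(\d+)\s+name\s+"?([\w.@-]+)"?$')

def fips_conflicts(config_text):
    """Return (line_number, message) for each setting the FIPS note rules out."""
    findings = []
    current = None  # (role, protocol version) of the cipher list being read
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if m := VERSION_RE.match(line):
            if "1" in m.group(1).split("-"):  # "1" or "1-2" turns SSH1 on
                findings.append((number, "SSH1 enabled by 'version %s'" % m.group(1)))
            current = None
        elif m := LIST_RE.match(line):
            current = (m.group(1), m.group(2))
            if m.group(2) == "1":
                findings.append((number, "%s cipher list for SSH1" % m.group(1)))
        elif (m := CIPHER_RE.match(line)) and current:
            role, proto = current
            name = m.group(2).lower()
            if proto == "2" and name in FIPS_UNAVAILABLE_SSH2:
                findings.append((number, "%s SSH2 cipher %s (index %s)" % (role, name, m.group(1))))
        else:
            current = None  # any other line ends the current cipher list
    return findings

if __name__ == "__main__":
    for number, message in fips_conflicts(SAMPLE_CONFIG):
        print("line %d: %s" % (number, message))
```

A configuration with no version line produces no SSH1 finding, because the default is SSH2.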