ssh algorithm encryption
Use this command to set an encryption algorithm for SSH sessions.
An SSH server authorizes connection of only those algorithms that are configured from the list below. If a client tries establishing a connection to the server with the algorithm encryption that are not part of the list, the connection will not established.
SSH supports these encryption algorithms:
Advanced Encryption Standard Counter:
| • | aes128-ctr |
| • | aes192-ctr |
| • | aes256-ctr |
| • | aes128-cbc |
Advanced Encryption Standard Cipher Block Chaining:
| • | aes192-cbc |
| • | aes256-cbc |
Triple Data Encryption Standard Cipher Block Chaining:
3des-cbc
Use the no form of this command to not encrypt SSH sessions.
Command Syntax
ssh server algorithm encryption {aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc |aes192-cbc | aes256-cbc | 3des-cbc} (vrf (NAME|management)|))
no ssh server algorithm encryption {aes128-ctr | aes192-ctr | aes256-ctr | aes128-cbc |aes192-cbc | aes256-cbc | 3des-cbc} (vrf (NAME|management)|)Parameters
aes18-ctr
AES 128 bit Counter Mode
aes192-ctr
AES 192 bit Counter Mode
aes256-ctr
AES 256 bit Counter Mode
aes128-cbc
AES 128 bit Cipher block chaining
aes192-cbc
AES 192 bit Cipher block chaining
aes256-cbc
AES 256 bit Cipher block chaining
3des-cbc
Triple DES Cipher block chaining
vrf
Virtual Routing and Forwarding
NAME
Virtual Routing and Forwarding name
vrf management
Defines the management VRF
Virtual Routing and Forwarding instance.
vrf NAME
Specify the user-defined VRF instance name.
Default
No default value is specified.
By default, all the ciphers are supported for a new SSH client to connect to the SSH server.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3. Added parameter VRF NAME in OcNOS version 6.5.3
Examples
#configure terminal
(config)#ssh server algorithm encryption aes128-ctr