Configuring SSH MAC

Configures SSH Server and Client Message Authentication Codes (MACs).

SSH server must be enabled.

Refer to the online help on the device for the complete list of supported MACs.

  1. Enter configure terminal mode. 
    device#configure terminal
  2. On the SSH server, enter the ssh server mac command to configure the SSH server MACs.
    You can specify multiple MACs by separating the string names with commas. 
    device(config)# ssh server mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
  3. On the SSH client, enter the ssh client mac command to configure the SSH client MACs.
    You can specify multiple MACs by separating the string names with commas. 
    device(config)# ssh client mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
  4. Restart the SSH server from EXEC mode using the ssh-server restart command. for the configuration to take effect. 
    device(config)# exit
device# ssh-server restart
  5. Enter the show running-config command or the show ssh command to confirm the SSH configuration information. 
    device(config)# do show running-config ssh server 
ssh server mac hmac-sha1,hmac-sha2-256,hmac-sha2-512 
ssh server key rsa 2048 
ssh server key ecdsa 256 
ssh server key dsa

device(config)# do show running-config ssh client 
ssh client mac hmac-sha1,hmac-sha2-256,hmac-sha2-512

device(config)# show ssh server status
SSH Server Rekey Volume: 1024
SSH Server Auth Tries: 6
SSH Server Login Timeout: 120
VRF-Name: mgmt-vrf      Status: Enabled
VRF-Name: default-vrf   Status: Enabled

device(config)# do show ssh client status 
SSH Client Mac: hmac-sha1,hmac-sha2-256,hmac-sha2-512
    Note

    Note

    The ssh server key dsa is not supported in FIPS and CC modes.
9036296-00 Rev AA