SSH Default Enabled Parameters During Installation

When installing ExtremeXOS 22.5 for the first time, the following SSH parameters are enabled by default:

In Default, FIPS, and Secure mode:

Diffie-Hellman groups: 14 (2,048 bits), 16 (4,096 bits), 18 (8192 bits)
Public key algorithms: ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss

In Default mode:

Ciphers: aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com
MACs: hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-sha2-256, hmac-sha2-512

Other OpenSSH 7.5p1 supported MACs and ciphers listed in Understanding SSH Server are disabled by default.

Upgrading to ExtremeXOS 22.5 and Later

When upgrading from earlier releases to ExtremeXOS 22.5 and later, supported ciphers, MACs, public key algorithms, and Diffie-Hellman groups are inherited from the earlier releases.

Note

DSA (ssh-dss) related host key algorithms are not supported in both server and client in ExtremeXOS 22.5 and later. However, for backward compatibility, it is supported in the server after an upgrade to ExtremeXOS 22.5 and later if DSA host key is present in the earlier release.

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback