Configuration Example: Enable/Disable Ciphers in FIPS Mode

# show ssh2
SSH module configuration details:
SSH Access            : Disabled
Key validity          : Invalid
Key type              : RSA 2048
TCP port              : 22
VR                    : all
Access profile        : not set
Secure Mode           : Off
Diffie-Hellman Groups : 14 (2048 bits), 16 (4096 bits), 18 (8192 bits)
Max Auth Tries        : 3
Idle time             : 60 minutes
Rekey Interval        : 4096 MB and no time limit
Ciphers               : aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se
Macs                  : hmac-sha1, hmac-sha2-256, hmac-sha2-512
Public key algorithms : ssh-rsa, ssh-dss, x509v3-sign-rsa, x509v3-sign-dss
Login grace timeout   : 120 seconds

# configure ssh2 disable cipher aes128-ctr

# show ssh2 ciphers
Ciphers               : aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se

# show ssh2
SSH module configuration details:
SSH Access            : Enabled
Key validity          : Valid
Key type              : RSA 2048
TCP port              : 22
VR                    : all
Access profile        : not set
Secure Mode           : Off
Diffie-Hellman Groups :  14 (2048 bits), 16 (4096 bits), 18 (8192 bits)
Idle time             : 60 minutes
Ciphers               : aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se
Macs                  : hmac-sha1, hmac-sha2-256, hmac-sha2-512
Login grace timeout   : 120 seconds

# configure ssh2 enable cipher aes128-ctr

# show ssh2 ciphers
Ciphers               : aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se

# show ssh2
SSH module configuration details:
SSH Access            : Enabled
Key validity          : Valid
Key type              : RSA 2048
TCP port              : 22
VR                    : all
Access profile        : not set
Secure Mode           : Off
Diffie-Hellman Groups :  14 (2048 bits), 16 (4096 bits), 18 (8192 bits)
Idle time             : 60 minutes
Ciphers               : aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se
Macs                  : hmac-sha1, hmac-sha2-256, hmac-sha2-512
Login grace timeout   : 120 seconds