configure ssh2 enable cipher mac
Description
Configures the required ciphers/Message Authentication Codes (MACs) with SSHv2.
Syntax Description
| cipher | Specifies cipher to use for encrypting the session. |
| cipher | Cipher name for encrypting session. |
| all | Specifies all ciphers/MACs available in current mode. |
| mac | Specifies MACs to use for encrypting the session. |
| mac | MAC name for encrypting session. |
Default
In Default mode, the following ciphers/MACs are disabled by default:
- Ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se
- MACs: hmac-md5, hmac-md5-96, hmac-md5-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-sha1-96, hmac-sha1-96-etm@openssh.com
In Default mode, the following ciphers/MACs are enabled by default:
- Ciphers: aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com
- MACs: hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-sha2-256, hmac-sha2-512.
Note
The following ciphers and MAC are no longer supported: arcfour, arcfour128, arcfour256, blowfish-cbc, cast128-cbc, hmac-ripemd160.Example
The following example enables cipher "aes256-ctr" for the encrypting the session:
# configure ssh2 enable cipher "aes256-ctr"
History
This command was first available in ExtremeXOS 22.1.
Unsupported ciphers/macs removed due to SSH2 upgrade in ExtremeXOS 30.7.
Platform Availability
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.