You can configure SSH Server and Client
Message Authentication Codes (MACs).
SSH server must be enabled.
For a complete list of supported MACs, see
the online help for the device.
-
Enter global configuration mode.
device# configure terminal
-
On the SSH server, configure the
SSH server MACs.
You can specify multiple MACs
by separating the string names with commas.
device(config)# ssh server mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
-
On the SSH client, configure the
SSH client MACs.
You can specify multiple MACs
by separating the string names with commas.
device(config)# ssh client mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
-
Restart the SSH server for the
configuration to take effect.
device(config)# do ssh-server restart
Warning: This operation will disconnect all active SSH sessions.
Are you sure you want to restart the SSH server [y/n]? y
SSH server is going down for restart NOW !!
SSH server restarted !!
-
Confirm the SSH configuration
information with one of the following commands.
device(config)# do show running-config ssh server
ssh server mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
ssh server key rsa 2048
ssh server key ecdsa 256
ssh server key dsa
device(config)# do show running-config ssh client
ssh client mac hmac-sha1,hmac-sha2-256,hmac-sha2-512
device(config)# show ssh server status
SSH Server Rekey Volume: 1024
SSH Server Auth Tries: 6
SSH Server Login Timeout: 120
VRF-Name: mgmt-vrf Status: Enabled
VRF-Name: default-vrf Status: Enabled
device(config)# do show ssh client status
SSH Client Mac: hmac-sha1,hmac-sha2-256,hmac-sha2-512
Note
The
ssh server key
dsa is not supported in FIPS and CC modes.
