See the online help on the device for the
complete list of supported key exchange algorithms.
For backward compatibility, the string "dh-group-14" is also acceptable in place of "diffie-hellman-group-14-sha1".
-
Enter global configuration mode.
device# configure terminal
-
Use the ssh server
key-exchange command to set the key exchange algorithm for the
server.
You can use multiple key
exchange algorithms by separating the string names with commas.
device(config)# ssh server key-exchange diffie-hellman-group14-sha1,ecdh-sha2-nistp521
-
Use the ssh client
key-exchange command to set the key exchange algorithm for the
client.
You can use multiple key
exchange algorithms by separating the string names with commas.
device(config)# ssh client key-exchange diffie-hellman-group14-sha1,ecdh-sha2-nistp521
The following ssh server and ssh client key
exchange algorithms are supported in FIPS mode:
- ecdh-sha2-nistp256
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group14-sha1
The following ssh server and ssh client key exchange algorithms are
supported in CC mode:
- ecdh-sha2-nistp256
- diffie-hellman-group14-sha1
-
Restart the SSH server from EXEC
mode using the ssh-server restart command for the new configuration to take
effect.
device(config)# exit
device# ssh-server restart
