configure ssh2 enable cipher mac

configure ssh2 enable [cipher [cipher |all] |mac [ mac |all]]


Configures the required ciphers/Message Authentication Codes (MACs) with SSHv2.

Syntax Description

cipher Specifies cipher to use for encrypting the session.
cipher Cipher name for encrypting session.
all Specifies all ciphers/MACs available in current mode.
mac Specifies MACs to use for encrypting the session.
mac MAC name for encrypting session.


In Default mode, the following ciphers/MACs are disabled by default:
  • Ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc,
  • MACs: hmac-md5, hmac-md5-96,,, hmac-sha1-96,
In Default mode, the following ciphers/MACs are enabled by default:
  • Ciphers: aes128-ctr, aes192-ctr, aes256-ctr,
  • MACs:,,, hmac-sha1, hmac-sha2-256, hmac-sha2-512.


The following ciphers and MAC are no longer supported: arcfour, arcfour128, arcfour256, blowfish-cbc, cast128-cbc, hmac-ripemd160.


The following example enables cipher "aes256-ctr" for the encrypting the session:

# configure ssh2 enable cipher "aes256-ctr"


This command was first available in ExtremeXOS 22.1.

Unsupported ciphers/macs removed due to SSH2 upgrade in ExtremeXOS 30.7.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.