configure ssh2 enable cipher mac

configure ssh2 enable [cipher [cipher |all] |mac [ mac |all]]

Description

Configures the required ciphers/Message Authentication Codes (MACs) with SSHv2.

Syntax Description

cipher Specifies cipher to use for encrypting the session.
cipher Cipher name for encrypting session.
all Specifies all ciphers/MACs available in current mode.
mac Specifies MACs to use for encrypting the session.
mac MAC name for encrypting session.

Default

In Default mode, the following ciphers/MACs are disabled by default:
  • Ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se
  • MACs: hmac-md5, hmac-md5-96, hmac-md5-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-sha1-96, hmac-sha1-96-etm@openssh.com
In Default mode, the following ciphers/MACs are enabled by default:
  • Ciphers: aes128-ctr, aes192-ctr, aes256-ctr, chacha20-poly1305@openssh.com
  • MACs: hmac-sha1-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-sha2-256, hmac-sha2-512.
Note

Note

The following ciphers and MAC are no longer supported: arcfour, arcfour128, arcfour256, blowfish-cbc, cast128-cbc, hmac-ripemd160.

Example

The following example enables cipher "aes256-ctr" for the encrypting the session:

# configure ssh2 enable cipher "aes256-ctr"

History

This command was first available in ExtremeXOS 22.1.

Unsupported ciphers/macs removed due to SSH2 upgrade in ExtremeXOS 30.7.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.