ssh client secure-algorithms cipher
Function
The ssh client secure-algorithms cipher command configures an encryption algorithm list for an SSH client.
The undo ssh client secure-algorithms cipher command restores the default encryption algorithm list of an SSH client.
By default, an SSH client supports two encryption algorithms: AES128_CTR and AES256_CTR.
Format
ssh client secure-algorithms cipher { 3des | aes128 | aes256_cbc | aes128_ctr | aes256_ctr } *
undo ssh client secure-algorithms cipher
Parameters
| Parameter | Description | Value |
|---|---|---|
| 3des | Specifies the CBC 3DES encryption algorithm. | - |
| aes128 | Specifies the CBC AES128 encryption algorithm. | - |
| aes256_cbc | Specifies the CBC AES256 encryption algorithm. | - |
| aes128_ctr | Specifies the CTR AES128 encryption algorithm. | - |
| aes256_ctr | Specifies the CTR AES256 encryption algorithm. | - |
Usage Guidelines
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh client secure-algorithms cipher command to configure an encryption algorithm list for the SSH client. After the list is configured, the server matches the encryption algorithm list of a client against the local list after receiving a packet from the client and selects the first encryption algorithm that matches the local list. If no encryption algorithms in the list of the client match the local list, the negotiation fails.
Precautions
aes256_ctr provides the highest security, followed by aes128_ctr, aes256_cbc, aes128, and 3des in order.
3des provides weak security. Therefore, it is not recommended in the encryption algorithm list.
