No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ssh server secure-algorithms cipher

ssh server secure-algorithms cipher


The ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list of an SSH server.

By default, an SSH server supports two encryption algorithms: AES128_CTR and AES256_CTR.


ssh server secure-algorithms cipher { 3des | aes128 | aes256_cbc | aes128_ctr | aes256_ctr } *

ssh server secure-algorithms cipher


Parameter Description Value
3des Specifies the CBC 3DES encryption algorithm. -
aes128 Specifies the CBC AES128 encryption algorithm. -
aes256_cbc Specifies the CBC AES256 encryption algorithm. -
aes128_ctr Specifies the CTR AES128 encryption algorithm. -
aes256_ctr Specifies the CTR AES256 encryption algorithm. -


System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh server secure-algorithms cipher command to configure an encryption algorithm list for the SSH server. After the list is configured, the server matches the encryption algorithm list of a client against the local list after receiving a packet from the client and selects the first encryption algorithm that matches the local list. If no encryption algorithms in the list of the client match the local list, the negotiation fails.


aes256_ctr provides the highest security, followed by aes128_ctr, aes256_cbc, aes128, and 3des in order.

3des provides weak security. Therefore, it is not recommended in the encryption algorithm list.


# Configure CTR encryption algorithms for an SSH server.

<Huawei> system-view
[Huawei] ssh server secure-algorithms cipher aes256_ctr aes128_ctr
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 194659

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next