No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fit AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ssh server secure-algorithms cipher

ssh server secure-algorithms cipher

Function

The ssh server cipher command configures an encryption algorithm list for an SSH server.

The undo ssh server cipher command restores the default encryption algorithm list of an SSH server.

By default, an SSH server supports two encryption algorithms: AES128_CTR and AES256_CTR.

Format

ssh server secure-algorithms cipher { 3des | aes128 | aes256_cbc | aes128_ctr | aes256_ctr } *

ssh server secure-algorithms cipher

Parameters

Parameter Description Value
3des Specifies the CBC 3DES encryption algorithm. -
aes128 Specifies the CBC AES128 encryption algorithm. -
aes256_cbc Specifies the CBC AES256 encryption algorithm. -
aes128_ctr Specifies the CTR AES128 encryption algorithm. -
aes256_ctr Specifies the CTR AES256 encryption algorithm. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh server secure-algorithms cipher command to configure an encryption algorithm list for the SSH server. After the list is configured, the server matches the encryption algorithm list of a client against the local list after receiving a packet from the client and selects the first encryption algorithm that matches the local list. If no encryption algorithms in the list of the client match the local list, the negotiation fails.

Precautions

aes256_ctr provides the highest security, followed by aes128_ctr, aes256_cbc, aes128, and 3des in order.

3des provides weak security. Therefore, it is not recommended in the encryption algorithm list.

Example

# Configure CTR encryption algorithms for an SSH server.

<Huawei> system-view
[Huawei] ssh server secure-algorithms cipher aes256_ctr aes128_ctr
Translation
Download
Updated: 2019-07-18

Document ID: EDOC1100064353

Views: 92783

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next