Administrator Guide
Related
Commands
• show ip ssh client-pub-keys — displays the client-public keys used for the host-based authentication.
ip ssh mac
Configure the list of MAC algorithms supported on both SSH client and SCP.
Syntax
ip ssh mac mac-list
Parameters
mac
mac-list
Enter the keyword mac then a space-delimited list of message authentication code
(MAC) algorithms supported by the SSH client. The following MAC algorithms are
available.
When FIPS mode is enabled:
•
hmac-sha2–256
• hmac-sha1
• hmac-sha1–96
When FIPS mode is disabled:
• hmac-sha2-256
• hmac-sha1
• hmac-sha1–96
• hmac-md5
• hmac-md5-96
Defaults
The default list of MAC algorithm is in the order as shown below:
When FIPS mode is enabled:
•
hmac-sha2–256
• hmac-sha1
• hmac-sha1–96
When FIPS mode is disabled:
• hmac-sha2-256
• hmac-sha1
•
hmac-sha1–96
• hmac-md5
• hmac-md5-96
Command Modes CONFIGURATION
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC
Networking OS Command Line Reference Guide.
Version Description
9.10(0.1) Introduced on the S6010-ON and S4048T-ON.
9.10(0.0) Introduced on the S3148.
9.10(0.0) Introduced on the S6100–ON, S6000, S6000–ON, S5000, S4810, S4820T, S3048–ON,
S4048–ON, MXL, C9010, S3100 series, and Z9100-ON.
Usage Information
• You can select one or more MAC algorithms from the list.
• Client-supported MAC list gets preference over the server-supported MAC list in selecting the MAC algorithm
for the SSH session.
• When the MAC (-m) option is used with the SSH CLI, it overrides the configured or default MAC list.
• When FIPS is enabled or disabled, the client MACs get default configuration.
Security 1373