Users Guide
When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96.
When FIPS is not enabled, the default HMAC algorithms are the following:
• hmac-md5
•
hmac-md5-96
• hmac-sha1
• hmac-sha1-96
• hmac-sha2-256
• hmac-sha2-256-96
kex key-exchange-
algorithm
Enter the keyword kex and then a space-delimited list of key exchange algorithms
supported by the SSH server.
The following key exchange algorithms are available:
• diffie-hellman-group-exchange-sha1
• diffie-hellman-group1-sha1
• diffie-hellman-group14-sha1
When FIPS is enabled, the default key-exchange-algorithm is diffie-hellman-
group14-sha1.
When FIPS is not enabled, the default key-exchange-algorithms are the following:
• diffie-hellman-group-exchange-sha1
• diffie-hellman-group1-sha1,
• diffie-hellman-group14-sha1
port port-number (OPTIONAL) Enter the keyword port then the port number of the listening port
of the SSH server. The range is from 1 to 65535. The default is 22.
[version {1 | 2}] (OPTIONAL) Enter the keyword version then the SSH version 1 or 2 to specify
only SSHv1 or SSHv2.
NOTE: If you enable FIPS mode, you can only select version 2.
Defaults
• Default listening port is 22.
• Default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr.
• When FIPS is enabled, the default is hmac-sha1-96.
• When FIPS is not enabled, the default is hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-
sha2-256,hmac-sha2-256-96.
• When FIPS is enabled, the default is die-hellman-group14-sha1.
• When FIPS is not enabled, the default is die-hellman-group-exchange-sha1,die-hellman-group1-
sha1,die-hellman-group14-sha1.
Command Modes CONFIGURATION
1382
Security