Administrator Guide
● diffie-hellman-group-exchange-sha1
● diffie-hellman-group1-sha1
● diffie-hellman-group14-sha1
When FIPS is enabled, the default is diffie-hellman-group14-sha1.
Example of Configuring a Key Exchange Algorithm
The following example shows you how to configure a key exchange algorithm.
DellEMC(conf)# ip ssh server kex diffie-hellman-group-exchange-sha1 diffie-hellman-
group14-sha1
Configuring the HMAC Algorithm for the SSH Server
To configure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in
CONFIGURATION mode.
hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the
SSH server.
The following HMAC algorithms are available:
● hmac-md5
● hmac-md5-96
● hmac-sha1
● hmac-sha1-96
● hmac-sha2-256
The default HMAC algorithms are the following:
● hmac-sha2-256
● hmac-sha1
● hmac-sha1-96
● hmac-md5
● hmac-md5-96
When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256,hmac-sha1,hmac-sha1-96.
Example of Configuring a HMAC Algorithm
The following example shows you how to configure a HMAC algorithm list.
DellEMC(conf)# ip ssh server mac hmac-sha1-96
Configuring the SSH Server Cipher List
To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in
CONFIGURATION mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.
The following ciphers are available.
● 3des-cbc
● aes128-cbc
● aes192-cbc
Security
817