The ssh server cipher command configures an encryption algorithm list for an SSH server.
The undo ssh server cipher command restores the default configuration.
By default, all encryption algorithms except des_cbc are in the encryption algorithm list configured for an SSH server.
ssh server cipher { 3des_cbc | aes128_cbc | aes128_ctr | aes256_cbc | aes256_ctr | des_cbc } *
undo ssh server cipher
| Parameter | Description | Value |
|---|---|---|
| 3des_cbc | Adds the 3DES-CBC encryption algorithm to an encryption algorithm list. | - |
| aes128_cbc | Adds the AES128-CBC encryption algorithm to an encryption algorithm list. | - |
| aes128_ctr | Adds the AES128-CTR encryption algorithm to an encryption algorithm list. | - |
| aes256_cbc | Adds the AES256-CBC encryption algorithm to an encryption algorithm list. | - |
| aes256_ctr | Adds the AES256-CTR encryption algorithm to an encryption algorithm list. | - |
| des_cbc | Adds the DES-CBC encryption algorithm to an encryption algorithm list. | - |
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh server cipher command to configure an encryption algorithm list for the SSH server. After the list is configured, when the server receives a packet from a client, it matches the client's encryption algorithm list against the local list and selects the first encryption algorithm that matches the local list. If no encryption algorithm in the client's list matches the local list, the negotiation fails.
For example, run the ssh server cipher { aes128_ctr | aes256_ctr } * command to add the high-security aes128_ctr and aes256_ctr encryption algorithms to the encryption algorithm list of the SSH server, improving device security.
Precautions
aes256_ctr provides the highest security, followed by aes128_ctr, aes256_cbc, aes128_cbc, 3des_cbc, and des_cbc in descending order.
Do not add 3des_cbc, aes128_cbc, aes256_cbc, or des_cbc to the list because they provide the lowest security among the supported encryption algorithms. The aes128_ctr and aes256_ctr encryption algorithms have been added to the list in the factory configuration file. By default, the device supports neither the undo ssh server cipher command nor weak security encryption algorithms such as 3des_cbc, aes128_cbc, aes256_cbc, and des_cbc. To use the undo ssh server cipher command and these algorithms, install the weak security algorithm component package (product_version_WEAKEA.mod). For details, see Dynamic Loading.
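The following is an added example, not code from the original page or the vendor. It audits a constructed configuration line against the ranking under Precautions and models the selection rule under Usage Scenario. It assumes the client's offer is written with the same keywords as the command syntax, that the first entry in the client's list found in the server list is selected, and that the last ssh server cipher line in a file is the effective one.

```python
import re

# Keywords from the command syntax, strongest first (order given under Precautions).
STRENGTH_ORDER = ["aes256_ctr", "aes128_ctr", "aes256_cbc",
                  "aes128_cbc", "3des_cbc", "des_cbc"]
# Algorithms the Precautions section says not to add to the list.
WEAK = {"3des_cbc", "aes128_cbc", "aes256_cbc", "des_cbc"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
#
ssh server cipher aes256_ctr aes128_ctr aes128_cbc 3des_cbc
#
"""

def parse_cipher_line(config_text):
    """Return the list from the last 'ssh server cipher' line, or None if absent."""
    found = None
    for line in config_text.splitlines():
        m = re.match(r"\s*ssh server cipher\s+(.+)$", line)
        if m:
            found = m.group(1).split()
            unknown = [a for a in found if a not in STRENGTH_ORDER]
            if unknown:
                raise ValueError(f"unknown cipher keyword(s): {unknown}")
    return found

def audit(server_list):
    """Return the weak algorithms in the list, strongest first."""
    return sorted(set(server_list) & WEAK, key=STRENGTH_ORDER.index)

def negotiate(client_list, server_list):
    """First algorithm in the client's list that the server list also contains.

    Returns None when nothing matches, i.e. the negotiation fails.
    """
    allowed = set(server_list)
    return next((a for a in client_list if a in allowed), None)

if __name__ == "__main__":
    configured = parse_cipher_line(SAMPLE_CONFIG)
    hardened = ["aes128_ctr", "aes256_ctr"]
    legacy_client = ["aes128_cbc", "aes128_ctr"]  # hypothetical client preference order
    print("weak entries:", audit(configured))
    print("configured list ->", negotiate(legacy_client, configured))
    print("hardened list   ->", negotiate(legacy_client, hardened))
    print("3des-only client ->", negotiate(["3des_cbc"], hardened))
```

With the constructed list, a client that prefers aes128_cbc is given aes128_cbc even though the server also lists CTR algorithms; removing the weak entries is what forces the CTR choice or a failed negotiation.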