SSH Encryption Cipher

OcNOS-SP : System Management Guide : System Management Configuration Guide : SSH Client Server Configuration : SSH Encryption Cipher

Specify an SSH cipher to encrypt an SSH session. By default, all the ciphers are supported for a new SSH client to connect to the SSH server.

SSH supports these encryption algorithms:

• Advanced Encryption Standard Counter:

• aes128-ctr

• aes192-ctr

• aes256-ctr

• aes128-cbc

• Advanced Encryption Standard Cipher Block Chaining:

• aes192-cbc

• aes256-cbc

• Triple Data Encryption Standard Cipher Block Chaining:

• 3des-cbc

Configuration

#configure terminal	Enter configure mode
(config)#ssh server algorithm encryption aes128-ctr vrf management	Set the SSH server encryption algorithm to AES 128 bit counter
(config)#ssh server algorithm encryption aes128-cbc vrf management	Set the SSH server encryption algorithm to AES 128 cipher block chaining
(config)#commit	Commit the candidate configuration to the running configuration
(config)#exit	Exit configure mode

Validation

The new cipher encryption algorithm takes effect for a new incoming ssh client connection.

#show running-config ssh server

feature ssh vrf management

ssh server algorithm encryption aes128-ctr aes128-cbc vrf management

SSH Client Session

#ssh cipher aes128-ctr root@1.1.1.1 vrf management

Specify AES 128-bit counter encryption to establish an SSH connection to a remote machine using an IPv4 address

Last modified date: 08/28/2023