R3303-HP HSR6800 Routers Security Command Reference

sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in non-FIPS mode, and is dh-group14 in FIPS mode.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1. This keyword is not available in FIPS mode.
dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. This keyword is not available in FIPS mode.
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.
Usage guidelines
When the client's authentication method is publickey, the client needs the local private key to generate the digital signature. In non-FIPS mode, publickey authentication uses either the RSA or the DSA algorithm, so you must specify the algorithm (by using the identity-key keyword) for the client to obtain the correct local private key data.
In non-FIPS mode, the default algorithms are as follows:
The algorithm for publickey authentication is dsa.
The preferred client-to-server encryption algorithm is aes128.
The preferred client-to-server HMAC algorithm is sha1-96.
The preferred key exchange algorithm is dh-group-exchange.
The preferred server-to-client encryption algorithm is aes128.
The preferred server-to-client HMAC algorithm is sha1-96.
In FIPS mode, the default algorithms are as follows:
The algorithm for publickey authentication is rsa.
The preferred client-to-server encryption algorithm is aes128.
The preferred client-to-server HMAC algorithm is sha1-96.
The preferred key exchange algorithm is dh-group14.
The preferred server-to-client encryption algorithm is aes128.
The preferred server-to-client HMAC algorithm is sha1-96.
Examples
# Connect to the SCP server 192.168.0.1, download the file remote.bin from the server, and save it locally to the file local.bin.
<Sysname> scp 192.168.0.1 get remote.bin local.bin
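The following added example (not part of the HP reference) resolves which algorithms an scp or sftp client command line ends up preferring in each mode, using only the defaults and FIPS restrictions listed in the usage guidelines above, and reports settings worth reviewing. The function name resolve, the mode labels, and the sample command lines are assumptions made for illustration.

```python
# Added example: values below are transcribed from the usage guidelines on this page.
COMMON = {"prefer-ctos-cipher": "aes128", "prefer-ctos-hmac": "sha1-96",
          "prefer-stoc-cipher": "aes128", "prefer-stoc-hmac": "sha1-96"}
DEFAULTS = {
    "non-fips": {**COMMON, "identity-key": "dsa", "prefer-kex": "dh-group-exchange"},
    "fips": {**COMMON, "identity-key": "rsa", "prefer-kex": "dh-group14"},
}
# Key exchange keywords the page marks "not available in FIPS mode".
KEX_NOT_IN_FIPS = {"dh-group-exchange", "dh-group1"}


def resolve(command, mode):
    """Return (effective, findings) for one scp/sftp client command line."""
    if mode not in DEFAULTS:
        raise ValueError("mode must be 'fips' or 'non-fips'")
    tokens = command.split()
    explicit, findings = {}, []
    i = 0
    while i < len(tokens):
        key = tokens[i]
        if key in DEFAULTS[mode]:
            if i + 1 == len(tokens):
                findings.append(f"{key}: keyword given without a value")
                break
            explicit[key] = tokens[i + 1]
            i += 2
        else:
            i += 1  # prompt, command name, server, file names, other options
    effective = {**DEFAULTS[mode], **explicit}
    if mode == "fips" and effective["prefer-kex"] in KEX_NOT_IN_FIPS:
        findings.append(f"prefer-kex {effective['prefer-kex']}: not available in FIPS mode")
    if mode == "non-fips" and "identity-key" not in explicit:
        findings.append("identity-key not specified: publickey authentication uses dsa")
    return effective, findings


if __name__ == "__main__":
    # Constructed command lines; option placement after the file names is assumed.
    samples = [
        ("<Sysname> scp 192.168.0.1 get remote.bin local.bin", "non-fips"),
        ("<Sysname> scp 192.168.0.1 get remote.bin local.bin prefer-kex dh-group1", "fips"),
    ]
    for cmd, mode in samples:
        effective, findings = resolve(cmd, mode)
        print(mode, effective["prefer-kex"], effective["identity-key"], findings)
```
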
sftp
Use sftp to establish a connection to an IPv4 SFTP server and enter SFTP client view.
Syntax
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer-compress { zlib | zlib-openssh } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac