R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

381

382

383

384

385

386

387

388

389

390

369

• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.This keyword is not

available in FIPS mode.

• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.

prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.

prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.

Usage guidelines

When the server adopts publickey authentication to authenticate a client, the client must get the local

private key for digital signature. In non-FIPS mode, because the publickey authentication uses either RSA

or DSA algorithm, you must specify the public key algorithm of the client (by using the identity-key

keyword) in order to get the correct local private key.

In non-FIPS mode, the default algorithms are as follows:

• The algorithm for publickey authentication is dsa.

• The preferred client-to-server encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is sha1-96.

• The preferred key exchange algorithm is dh-group-exchange.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred server-to-client HMAC algorithm is sha1-96.

In FIPS mode, the default algorithms are as follows:

• The algorithm for publickey authentication is rsa.

• The preferred client-to-server encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is sha1-96.

• The preferred key exchange algorithm is dh-group14.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred server-to-client HMAC algorithm is sha1-96.

Examples

# Connect to SFTP server 10.1.1.2, using the following connection scheme:

• The preferred key exchange algorithm is dh-group1.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is md5.

• The preferred server-to-client HMAC algorithm is sha1-96.

<Sysname> sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac

md5 prefer-stoc-hmac sha1-96

Input Username:

sftp client ipv6 source

Use sftp client ipv6 source to specify the source IPv6 address or source interface for the SFTP client.

Use undo sftp client ipv6 source to remove the configuration.

Syntax

sftp client ipv6 source { interface interface-type interface-number | ipv6 ipv6-address }