User Manual

Enterasys X-Pedition User Reference Manual
Secure Shell (ssh) Server
You may also accomplish this task on a per-session basis by using the encryption-preference
command-line option:

xp# ssh 192.168.1.1 encryption-preference aes128-cbc,blowfish,3des-cbc

For the SSH-1 protocol version, users cannot specify a preference for encryption algorithms.
However, users may use the ssh-client set ssh1-encryption command or the ssh1-encryption
command-line option to force use of a particular cipher. The following example uses the ssh-client
set ssh1-encryption configuration command to force the use of the Blowfish cipher:

xp(config)# ssh-client set ssh1-encryption blowfish

This may also be accomplished on a per-session basis with the ssh1-encryption command-line
option:

xp# ssh 192.168.1.1 ssh1-encryption blowfish

Message Authentication Codes (MACs)

In addition to the available ciphers, there are also several Message Authentication Code (MAC)
algorithms available to SSH-2 sessions. These MACs are used to authenticate the contents of each
packet of data exchanged between the client and server. If a third party tampers with the contents of
a packet, MAC validation will fail and the tampering will be detected.

Use the ssh-server set mac command in configuration mode to select which MACs to allow. When
a client connects, it will select which MAC to use from the list of MACs specified by this
command. The following example demonstrates how to enable the HMAC-SHA1 and
HMAC-SHA1-96 MAC algorithms:

xp(config)# ssh-server set mac hmac-sha1 hmac-sha1-96

Note: The list of MACs specified by this command will apply to SSH-2 sessions only. The
SSH-1 protocol does not support MACs and will use only CRC-32 validation. If this
command is not added to the configuration, the X-Pedition will allow all available MACs.

Use the ssh-client set mac-preference command or the mac-preference command-line option to
select the SSH-2 MACs to be attempted, in order of preference. The following example uses the
ssh-client set mac-preference configuration command to set HMAC-SHA1 and HMAC-SHA1-96
as the only MACs to attempt, with HMAC-SHA1-96 being the most preferred MAC:

xp(config)# ssh-client set mac-preference hmac-sha1-96 hmac-sha1
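
The following Python sketch is an added example, not X-Pedition code or part of the original manual. It follows the SSH-2 rules in RFC 4253 to show how the server's allowed list and the client's preference list above resolve to one MAC, and how that MAC rejects an altered or out-of-sequence packet. The key, packet bytes, sequence numbers and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Hash and tag length in bytes for the two MACs in the manual's example (RFC 4253, 6.4).
MACS = {"hmac-sha1": (hashlib.sha1, 20), "hmac-sha1-96": (hashlib.sha1, 12)}

def negotiate_mac(client_pref, server_allowed):
    """RFC 4253, 7.1: pick the first name on the client's list that the server allows."""
    for name in client_pref:
        if name in server_allowed:
            return name
    return None  # no MAC in common: negotiation fails, no session is set up

def packet_mac(name, key, seq, packet):
    """MAC(key, uint32 sequence_number || unencrypted_packet); -96 keeps the first 12 bytes."""
    digest, length = MACS[name]
    return hmac.new(key, struct.pack(">I", seq) + packet, digest).digest()[:length]

def verify(name, key, seq, packet, tag):
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(packet_mac(name, key, seq, packet), tag)

# Constructed sample values (assumptions, not taken from a real session).
SERVER_ALLOWED = ["hmac-sha1", "hmac-sha1-96"]  # ssh-server set mac ...
CLIENT_PREF = ["hmac-sha1-96", "hmac-sha1"]     # ssh-client set mac-preference ...
KEY = bytes(range(20))                          # stand-in for the negotiated integrity key
PACKET = b"constructed packet payload"          # stand-in for one unencrypted packet

def demo():
    name = negotiate_mac(CLIENT_PREF, SERVER_ALLOWED)
    tag = packet_mac(name, KEY, 7, PACKET)
    altered = PACKET.replace(b"payload", b"pAyload")  # one byte changed in transit
    return {
        "chosen": name,
        "tag_len": len(tag),
        "intact": verify(name, KEY, 7, PACKET, tag),
        "altered": verify(name, KEY, 7, altered, tag),
        "wrong_seq": verify(name, KEY, 8, PACKET, tag),
        "no_overlap": negotiate_mac(["hmac-md5"], SERVER_ALLOWED),
    }

if __name__ == "__main__":
    print(demo())
```

A client whose preference list shares no entry with the server's allowed list gets no MAC at all, which is why restricting ssh-server set mac also restricts which clients can connect.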