Administrator Guide
To disable SSH server functions, use the no ip ssh server {ciphers cipher-list} {enable
| port port-number} [kex key-exchange-algorithm] [mac hmac-algorithm]
[version {1 | 2}] command.
Parameters
enable Enter the key word enable to start the SSH server.
ciphers
cipher-
list
Enter the keyword ciphers and then a space-delimited list of ciphers that the
SSH server supports.
The following ciphers are available.
● 3des-cbc
● aes128-cbc
● aes192-cbc
● aes256-cbc
● aes128-ctr
● aes192-ctr
● aes256-ctr
The default cipher list is used.
● 3des-cbc
● aes128-cbc
● aes192-cbc
● aes256-cbc
● aes128-ctr
● aes192-ctr
● aes256-ctr
mac
hmac-
algorithm
Enter the keyword mac then a space-delimited list of hash message authentication
code (HMAC) algorithms supported by the SSH server for keying hashing for the
message authentication.
The following HMAC algorithms are available:
● hmac-sha1
● hmac-sha1-96
● hmac-sha2-256
When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96.
When FIPS is not enabled, the default HMAC algorithms are the following:
● hmac-md5
● hmac-md5-96
● hmac-sha1
● hmac-sha1-96
● hmac-sha2-256
kex
key-
exchange-
algorithm
Enter the keyword kex and then a space-delimited list of key exchange algorithms
supported by the SSH server.
The following key exchange algorithms are available:
● diffie-hellman-group-exchange-sha1
● diffie-hellman-group1-sha1
● diffie-hellman-group14-sha1
When FIPS is enabled, the default key-exchange-algorithm is diffie-hellman-
group14-sha1.
When FIPS is not enabled, the default key-exchange-algorithms are the following:
● diffie-hellman-group-exchange-sha1
● diffie-hellman-group1-sha1,
Security 1573