White Papers
• aes192-ctr
• aes256-ctr
The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Conguring a Cipher List
The following example shows you how to congure a cipher list.
Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr
Conguring the SSH Client Cipher List
To congure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH Client supports.
The following ciphers are available.
• 3des-cbc
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Conguring a Cipher List
The following example shows you how to congure a cipher list.
Dell(conf)#ip ssh cipher aes128-ctr aes128-cbc 3des-cbc
Secure Shell Authentication
Secure Shell (SSH) is disabled by default.
Enable SSH using the ip ssh server enable command.
SSH supports three methods of authentication:
• Enabling SSH Authentication by Password
• Using RSA Authentication of SSH
• Conguring Host-Based SSH Authentication
Important Points to Remember
• If you enable more than one method, the order in which the methods are preferred is based on the ssh_cong le on the Unix machine.
• When you enable all the three authentication methods, password authentication is the backup method when the RSA method fails.
• The les known_hosts and known_hosts2 are generated when a user tries to SSH using version 1 or version 2, respectively.
Security
917