Administrator Guide

Conguring When to Re-generate an SSH Key
You can congure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are congured, the
session rekeys when either one of the thresholds is reached.
To congure the time or volume rekey threshold at which to re-generate the SSH key during an SSH session, use the ip ssh
rekey [time rekey-interval] [volume rekey-limit] command. CONFIGURATION mode.
Congure the following parameters:
rekey-interval: time-based rekey threshold for an SSH session. The range is from 10 to 1440 minutes. The default is 60 minutes.
rekey-limit: volume-based rekey threshold for an SSH session. The range is from 1 to 4096 to megabytes. The default is 1024
megabytes.
Examples
The following example congures the time-based rekey threshold for an SSH session to 30 minutes.
Dell(conf)#ip ssh rekey time 30
The following example congures the volume-based rekey threshold for an SSH session to 4096 megabytes.
Dell(conf)#ip ssh rekey volume 4096
Conguring the SSH Server Key Exchange Algorithm
To congure the key exchange algorithm for the SSH server, use the ip ssh server kex key-exchange-algorithm
command in CONFIGURATION mode.
key-exchange-algorithm : Enter a space-delimited list of key exchange algorithms that will be used by the SSH server.
The following key exchange algorithms are available:
die-hellman-group-exchange-sha1
die-hellman-group1-sha1
die-hellman-group14-sha1
The default key exchange algorithms are the following:
die-hellman-group-exchange-sha1
die-hellman-group1-sha1
die-hellman-group14-sha1
When FIPS is enabled, the default is die-hellman-group14-sha1.
Example of Conguring a Key Exchange Algorithm
The following example shows you how to congure a key exchange algorithm.
Dell(conf)# ip ssh server kex diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1
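The following Python script is an added example, not part of the guide or of Dell's software. It audits the ip ssh rekey and ip ssh server kex lines of a saved configuration against the ranges, defaults, and algorithm lists given above. The function name audit_ssh_config, the sample configuration, and the policy of flagging any algorithm other than the FIPS default when FIPS is enabled are assumptions of this example.

```python
import re

# Values taken from the guide text above.
AVAILABLE_KEX = {
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
}
FIPS_KEX = {"diffie-hellman-group14-sha1"}
RANGES = {"time": (10, 1440), "volume": (1, 4096)}  # minutes, megabytes
DEFAULTS = {"time": 60, "volume": 1024}


def audit_ssh_config(config_text, fips=False):
    """Return (effective_settings, findings) for the SSH lines in a config."""
    rekey = dict(DEFAULTS)
    kex = FIPS_KEX if fips else AVAILABLE_KEX  # defaults when no kex line exists
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("ip ssh rekey"):
            for kind, value in re.findall(r"\b(time|volume)\s+(\S+)", line):
                low, high = RANGES[kind]
                if not value.isdigit() or not low <= int(value) <= high:
                    findings.append(f"rekey {kind} {value}: outside {low}-{high}")
                else:
                    rekey[kind] = int(value)
        elif line.startswith("ip ssh server kex"):
            kex = set(line.split()[4:])
            for name in sorted(kex - AVAILABLE_KEX):
                findings.append(f"kex {name}: not an available algorithm")
            if fips:  # assumed policy: only the FIPS default is acceptable
                for name in sorted((kex & AVAILABLE_KEX) - FIPS_KEX):
                    findings.append(f"kex {name}: not the FIPS default")
    return {"rekey": rekey, "kex": sorted(kex)}, findings


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ip ssh rekey time 30 volume 8192
ip ssh server kex diffie-hellman-group1-sha1 diffie-hellman-group14-sha1
"""

if __name__ == "__main__":
    settings, findings = audit_ssh_config(SAMPLE, fips=True)
    print(settings)
    for finding in findings:
        print("FINDING:", finding)
```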
Conguring the HMAC Algorithm for the SSH Server
To congure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in
CONFIGURATION mode.