Administrator Guide
Configuring the HMAC Algorithm for the SSH Server
To configure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in
CONFIGURATION mode.
hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH
server.
The following HMAC algorithms are available:
• hmac-md5
• hmac-md5-96
• hmac-sha1
• hmac-sha1-96
• hmac-sha2-256
The default HMAC algorithms are the following:
• hmac-sha2-256
• hmac-sha1
• hmac-sha1-96
• hmac-md5
• hmac-md5-96
When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256,hmac-sha1,hmac-sha1-96.
Example of Configuring a HMAC Algorithm
The following example shows you how to configure a HMAC algorithm list.
DellEMC(conf)# ip ssh server mac hmac-sha1-96
Configuring the SSH Server Cipher List
To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION
mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.
The following ciphers are available.
• 3des-cbc
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Configuring a Cipher List
The following example shows you how to configure a cipher list.
DellEMC(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr
Configuring DNS in the SSH Server
Dell EMC Networking provides support to enable the DNS in SSH server configuration for host-based authentication. You can specify
whether the SSH Server should look up the remote host name and check whether the resolved host name for the remote IP address
maps to the same IP address. By default, the DNS in the SSH server configuration is disabled.
To enable the DNS in the SSH server configuration, use the following command.
• Enable the DNS in the SSH server configuration.
Security
711