Administrator Guide

• hmac-md5-96

When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256,hmac-sha1,hmac-sha1-96.

Example of Conguring a HMAC Algorithm

The following example shows you how to congure a HMAC algorithm list.

DellEMC(conf)# ip ssh server mac hmac-sha1-96

Conguring the SSH Server Cipher List

To congure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION

mode.

cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.

The following ciphers are available.

• 3des-cbc

• aes128-cbc

• aes192-cbc

• aes256-cbc

• aes128-ctr

• aes192-ctr

• aes256-ctr

The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.

Example of Conguring a Cipher List

The following example shows you how to congure a cipher list.

DellEMC(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr

Conguring DNS in the SSH Server

Dell EMC Networking provides support to enable the DNS in SSH server conguration for host-based authentication. You can specify

whether the SSH Server should look up the remote host name and check whether the resolved host name for the remote IP address maps

to the same IP address. By default, the DNS in the SSH server conguration is disabled.

To enable the DNS in the SSH server conguration, use the following command.

• Enable the DNS in the SSH server conguration.

CONFIGURATION mode

[no] ip ssh server dns enable

To disable the DNS in the SSH server conguration, use the no version of this command.

Example of DNS Conguration in SSH Server Connections

To view the status of DNS in the SSH server conguration, use the show running-config ip ssh command from EXEC mode.

DellEMC#show running-config ip ssh

798

Security