Administrator Guide
• hmac-md5-96
When FIPS is enabled, the default HMAC algorithm is hmac-sha2-256,hmac-sha1,hmac-sha1-96.
Example of Conguring a HMAC Algorithm
The following example shows you how to congure a HMAC algorithm list.
DellEMC(conf)# ip ssh server mac hmac-sha1-96
Conguring the SSH Server Cipher List
To congure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION
mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.
The following ciphers are available.
• 3des-cbc
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Conguring a Cipher List
The following example shows you how to congure a cipher list.
DellEMC(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr
Conguring DNS in the SSH Server
Dell EMC Networking provides support to enable the DNS in SSH server conguration for host-based authentication. You can specify
whether the SSH Server should look up the remote host name and check whether the resolved host name for the remote IP address maps
to the same IP address. By default, the DNS in the SSH server conguration is disabled.
To enable the DNS in the SSH server conguration, use the following command.
• Enable the DNS in the SSH server conguration.
CONFIGURATION mode
[no] ip ssh server dns enable
To disable the DNS in the SSH server conguration, use the no version of this command.
Example of DNS Conguration in SSH Server Connections
To view the status of DNS in the SSH server conguration, use the show running-config ip ssh command from EXEC mode.
DellEMC#show running-config ip ssh
!
798
Security