Administrator Guide
Version Description
9.11(0.0) Introduced on the S4810, S4820T, S3048–ON, S3100 Series, S4048–ON, S5000, S6000,
S6000–ON, Z9500, Z9100–ON, S6100–ON, S6010–ON, S4048T–ON, C9000, and MXL.
Usage Information
If both the challenge response authentication and password authentication methods are configured, the challenge
response authentication takes priority.
ip ssh cipher
Configure the list of ciphers supported on both SSH client and SCP.
Syntax
ip ssh cipher cipher-list
Parameters
cipher
cipher-list
Enter the keyword cipher and then a space-delimited list of ciphers that the SSH client
supports. The following ciphers are available.
• aes256-ctr
• aes256-cbc
• aes192-ctr
• aes192-cbc
• aes128-ctr
• aes128-cbc
• 3des-cbc
Defaults The default list of ciphers is in the order as shown below:
• aes256-ctr
•
aes256-cbc
• aes192-ctr
• aes192-cbc
• aes128-ctr
• aes128-cbc
• 3des-cbc
Command Modes CONFIGURATION
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC
Networking OS Command Line Reference Guide.
Version Description
9.10(0.1) Introduced on the S6010-ON and S4048T-ON.
9.10(0.0) Introduced on the S3148.
9.10(0.0) Introduced on the S6100–ON, S6000, S6000–ON, S5000, S4810, S4820T, S3048–ON,
S4048–ON, MXL, C9010, S3100 series, and Z9100-ON.
Usage Information
• You can select one or more ciphers from the list.
• The default list of supported ciphers is same irrespective of whether FIPS mode is enabled or disabled.
• Client-supported cipher list gets preference over the server-supported cipher list in selecting the cipher for
the SSH session.
• When the cipher (-c) option is used with the SSH CLI, it overrides the configured or default cipher list.
• When FIPS is enabled or disabled, the client ciphers get default configuration.
1368 Security