Administrator Guide
Conguring the SSH Server Key Exchange Algorithm
To congure the key exchange algorithm for the SSH server, use the ip ssh server kex key-exchange-algorithm command
in CONFIGURATION mode.
key-exchange-algorithm : Enter a space-delimited list of key exchange algorithms that will be used by the SSH server.
The following key exchange algorithms are available:
• die-hellman-group-exchange-sha1
• die-hellman-group1-sha1
• die-hellman-group14-sha1
The default key exchange algorithms are the following:
• die-hellman-group-exchange-sha1
• die-hellman-group1-sha1
• die-hellman-group14-sha1
When FIPS is enabled, the default is die-hellman-group14-sha1.
Example of Conguring a Key Exchange Algorithm
The following example shows you how to congure a key exchange algorithm.
Dell(conf)# ip ssh server kex diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1
Conguring the HMAC Algorithm for the SSH Server
To congure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in
CONFIGURATION mode.
hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH
server.
The following HMAC algorithms are available:
• hmac-md5
• hmac-md5-96
• hmac-sha1
• hmac-sha1-96
• hmac-sha2-256
The default HMAC algorithms are the following:
• hmac-sha2-256
• hmac-sha1
• hmac-sha1-96
• hmac-md5
814
Security