Concept Guide
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
The default cipher list is aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Conguring a Cipher List
The following example shows you how to congure a cipher list.
DellEMC(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr
Conguring the SSH Client Cipher List
To congure the cipher list supported by the SSH client, use the ip ssh cipher cipher-list command in CONFIGURATION mode.
cipher-list-: Enter a space-delimited list of ciphers the SSH Client supports.
The following ciphers are available.
• 3des-cbc
• aes128-cbc
• aes192-cbc
• aes256-cbc
• aes128-ctr
• aes192-ctr
• aes256-ctr
The default cipher list is in the given order: aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, 3des-cbc.
Example of Conguring a Cipher List
The following example shows you how to congure a cipher list.
DellEMC(conf)#ip ssh cipher aes128-ctr aes128-cbc 3des-cbc
Conguring DNS in the SSH Server
Dell EMC Networking provides support to enable the DNS in SSH server conguration for host-based authentication. You can specify
whether the SSH Server should look up the remote host name and check whether the resolved host name for the remote IP address maps
to the same IP address. By default, the DNS in the SSH server conguration is disabled.
To enable the DNS in the SSH server conguration, use the following command.
• Enable the DNS in the SSH server conguration.
CONFIGURATION mode
[no] ip ssh server dns enable
To disable the DNS in the SSH server conguration, use the no version of this command.
882
Security