R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101
Parameters
server: IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters.
port-number: Port number of the server, in the range 0 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the VPN that the server belongs to, where vpn-instance-name
is a case-sensitive string of 1 to 31 characters. If the server is on the public network, do not specify this
option.
identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.
prefer-ctos-cipher: Preferred encryption algorithm from client to server. The default is aes128.
• 3des: Encryption algorithm 3des-cbc.
• aes128: Encryption algorithm aes128-cbc.
• aes256: Encryption algorithm aes256-cbc.
• des: Encryption algorithm des-cbc.
prefer-ctos-hmac: Preferred HMAC algorithm from client to server. The default is sha1-96.
• md5: HMAC algorithm hmac-md5.
• md5-96: HMAC algorithm hmac-md5-96.
• sha1: HMAC algorithm hmac-sha1.
• sha1-96: HMAC algorithm hmac-sha1-96.
prefer-kex: Preferred key exchange algorithm. The default is dh-group-exchange.
• dh-group-exchange: Key exchange algorithm diffie-hellman-group-exchange-sha1.
• dh-group1: Key exchange algorithm diffie-hellman-group1-sha1.
• dh-group14: Key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Preferred encryption algorithm from server to client. The default is aes128.
prefer-stoc-hmac: Preferred HMAC algorithm from server to client. The default is sha1-96.
Description
Use ssh2 to establish a connection to an IPv4 SSH server and specify the public key algorithm, the
preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC
algorithms between the client and server.
When the client's authentication method is publickey, the client needs the local private key for
validation. In non-FIPS mode, publickey authentication supports both the RSA and DSA algorithms, so you
must specify an algorithm (with the identity-key keyword) to get the correct data for the local
private key.
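As an added example (not part of the HP manual), the Python below resolves the algorithms an ssh2 command line will prefer, filling in the non-FIPS defaults from the parameter list, and reports legacy choices. It assumes each keyword is followed directly by its value; the function names and the list of flagged values are this example's own.

```python
import shlex

# Non-FIPS defaults, from the parameter list above.
DEFAULTS = {
    "identity-key": "dsa", "prefer-kex": "dh-group-exchange",
    "prefer-ctos-cipher": "aes128", "prefer-ctos-hmac": "sha1-96",
    "prefer-stoc-cipher": "aes128", "prefer-stoc-hmac": "sha1-96",
}
# Keyword value -> SSH algorithm name, as given in the parameter list.
WIRE = {
    "3des": "3des-cbc", "aes128": "aes128-cbc", "aes256": "aes256-cbc",
    "des": "des-cbc", "md5": "hmac-md5", "md5-96": "hmac-md5-96",
    "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96",
    "dh-group-exchange": "diffie-hellman-group-exchange-sha1",
    "dh-group1": "diffie-hellman-group1-sha1",
    "dh-group14": "diffie-hellman-group14-sha1",
}
# Values this example flags; the list and reasons are the editor's assumption,
# not part of the manual.
LEGACY = {
    "des": "56-bit key", "3des": "64-bit block cipher",
    "md5": "MD5-based MAC", "md5-96": "MD5-based MAC",
    "dh-group1": "1024-bit DH group",
    "dsa": "DSA key, deprecated in current SSH implementations",
}

def effective_algorithms(command):
    """Map each algorithm keyword to its value, filling in defaults."""
    tokens = shlex.split(command)
    if len(tokens) < 2 or tokens[0] != "ssh2":
        raise ValueError("expected: ssh2 server [options]")
    chosen = dict(DEFAULTS)
    rest = iter(tokens[2:])          # tokens[1] is the server
    for tok in rest:
        if tok == "vpn-instance":
            next(rest, None)         # skip the VPN name, whatever it is
        elif tok in DEFAULTS:
            chosen[tok] = next(rest, DEFAULTS[tok])
    return chosen

def audit(command):
    """Return (keyword, algorithm, reason) for each flagged preference."""
    chosen = effective_algorithms(command)
    return [(k, WIRE.get(v, v), LEGACY[v])
            for k, v in chosen.items() if v in LEGACY]

if __name__ == "__main__":
    # Constructed command line; 10.1.1.1 is a placeholder address.
    for finding in audit("ssh2 10.1.1.1 prefer-kex dh-group1 prefer-stoc-cipher des"):
        print(finding)
```

The keywords set a preference, so a finding describes what the client offers first, not necessarily what the session negotiates with the server.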
The following matrix shows the default algorithms used in FIPS and non-FIPS modes when an SSH client
establishes a connection to the SSH server.
Preferred algorithm                                In non-FIPS mode     In FIPS mode
Public key algorithm                               dsa                  rsa
Client-to-server preferred encryption algorithm    aes128               aes128
Client-to-server preferred HMAC algorithm          sha1-96              sha1-96
Preferred key exchange algorithm                   dh-group-exchange    dh-group14
Server-to-client preferred encryption algorithm    aes128               aes128