R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101

md5: HMAC algorithm hmac-md5.
md5-96: HMAC algorithm hmac-md5-96.
sha1: HMAC algorithm hmac-sha1.
sha1-96: HMAC algorithm hmac-sha1-96.
prefer-kex: Preferred key exchange algorithm. The default is dh-group-exchange.
dh-group-exchange: Key exchange algorithm diffie-hellman-group-exchange-sha1.
dh-group1: Key exchange algorithm diffie-hellman-group1-sha1.
dh-group14: Key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Preferred encryption algorithm from server to client. The default is aes128.
prefer-stoc-hmac: Preferred HMAC algorithm from server to client. The default is sha1-96.
Description
Use ssh2 ipv6 to establish a connection to an IPv6 SSH server and specify the public key algorithm,
the preferred key exchange algorithm, and the preferred encryption and HMAC algorithms between the
client and server.
When the client's authentication method is publickey, the client needs to get the local private key for
validation. In non-FIPS mode, because publickey authentication uses the RSA and DSA algorithms, you
must specify an algorithm (with the identity-key keyword) to get the correct data for the local
private key.
The following matrix shows the default algorithms used in FIPS and non-FIPS modes when an SSH client
establishes a connection to the SSH server.
Preferred algorithm                                In non-FIPS mode     In FIPS mode
Public key algorithm                               dsa                  rsa
Client-to-server preferred encryption algorithm    aes128               aes128
Client-to-server preferred HMAC algorithm          sha1-96              sha1-96
Preferred key exchange algorithm                   dh-group-exchange    dh-group14
Server-to-client preferred encryption algorithm    aes128               aes128
Server-to-client preferred HMAC algorithm          sha1-96              sha1-96
Examples
# Log in to remote SSH2.0 server 2000::1, setting the algorithms as follows:
Preferred key exchange algorithm: DH-group1
Preferred encryption algorithm from server to client: AES128
Preferred HMAC algorithm from client to server: MD5
Preferred HMAC algorithm from server to client: SHA1-96
<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group1 prefer-stoc-cipher aes128
prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
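
The following Python function is an added example, not part of the HP manual. It resolves which algorithms an ssh2 ipv6 command line prefers by applying the default matrix above and the keyword descriptions from the parameter list. The FLAGGED set is an assumed local review policy, and the prefer-ctos-cipher keyword is assumed from the command's syntax, which this page does not show.

```python
# Added example (not from the HP manual): resolve what an `ssh2 ipv6` command prefers.

# Defaults per mode, from the FIPS / non-FIPS matrix on this page.
NON_FIPS = {
    "identity-key": "dsa", "prefer-kex": "dh-group-exchange",
    "prefer-ctos-cipher": "aes128", "prefer-ctos-hmac": "sha1-96",
    "prefer-stoc-cipher": "aes128", "prefer-stoc-hmac": "sha1-96",
}
DEFAULTS = {"non-fips": NON_FIPS,
            "fips": {**NON_FIPS, "identity-key": "rsa", "prefer-kex": "dh-group14"}}

# CLI keyword -> SSH algorithm name, from the parameter descriptions on this page.
WIRE = {
    "md5": "hmac-md5", "md5-96": "hmac-md5-96",
    "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96",
    "dh-group-exchange": "diffie-hellman-group-exchange-sha1",
    "dh-group1": "diffie-hellman-group1-sha1",
    "dh-group14": "diffie-hellman-group14-sha1",
}

# Assumed local review policy (not stated in the manual): keywords to flag for review.
FLAGGED = {"dh-group1", "md5", "md5-96"}

# The command from the Examples section, joined onto one line.
EXAMPLE = ("<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group1 prefer-stoc-cipher aes128 "
           "prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96")


def resolve(command, mode="non-fips"):
    """Return (effective, findings) for one ssh2 ipv6 command line."""
    tokens = command.split()
    if tokens and tokens[0].startswith("<"):      # strip the "<Sysname>" prompt
        tokens = tokens[1:]
    if len(tokens) < 3 or tokens[:2] != ["ssh2", "ipv6"]:
        raise ValueError("not an ssh2 ipv6 command")
    chosen = dict(DEFAULTS[mode])                 # start from the mode's defaults
    it = iter(tokens[3:])                         # everything after the server address
    for tok in it:
        if tok in chosen:                         # option keyword followed by its value
            value = next(it, None)
            if value is None:
                raise ValueError(f"{tok} has no value")
            chosen[tok] = value                   # other tokens (e.g. a port) are skipped
    effective = {opt: WIRE.get(val, val) for opt, val in chosen.items()}
    findings = sorted(opt for opt, val in chosen.items() if val in FLAGGED)
    return effective, findings
```

Calling `resolve(EXAMPLE)` returns the full set of six preferences, including the ones the command line left at their defaults, together with the options whose values match the assumed review policy.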