R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101
prefer-ctos-cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
• 3des: Encryption algorithm 3des-cbc.
• aes128: Encryption algorithm aes128-cbc.
• aes256: Encryption algorithm aes256-cbc.
• des: Encryption algorithm des-cbc.
prefer-ctos-hmac: Preferred HMAC algorithm from client to server, defaulted to sha1-96.
• md5: HMAC algorithm hmac-md5.
• md5-96: HMAC algorithm hmac-md5-96.
• sha1: HMAC algorithm hmac-sha1.
• sha1-96: HMAC algorithm hmac-sha1-96.
prefer-kex: Preferred key exchange algorithm, defaulted to dh-group-exchange.
• dh-group-exchange: Key exchange algorithm diffie-hellman-group-exchange-sha1.
• dh-group1: Key exchange algorithm diffie-hellman-group1-sha1.
• dh-group14: Key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
prefer-stoc-hmac: Preferred HMAC algorithm from server to client, defaulted to sha1-96.
Description
Use sftp to establish a connection to a remote IPv4 SFTP server and enter SFTP client view.
When the client's authentication method is publickey, the client needs to get the local private key for
validation. In non-FIPS mode, publickey authentication can use either the RSA or the DSA algorithm, so you
must specify the algorithm (with the identity-key keyword) for the client to get the correct local private
key data.
The following matrix shows the default algorithms used in FIPS and non-FIPS modes when an SFTP client
establishes a connection to the SFTP server.
Preferred algorithm                                In non-FIPS mode     In FIPS mode
Public key algorithm                               dsa                  rsa
Client-to-server preferred encryption algorithm    aes128               aes128
Client-to-server preferred HMAC algorithm          sha1-96              sha1-96
Preferred key exchange algorithm                   dh-group-exchange    dh-group14
Server-to-client preferred encryption algorithm    aes128               aes128
Server-to-client preferred HMAC algorithm          sha1-96              sha1-96
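The keyword-to-algorithm mappings and the default matrix above can be turned into an audit check for saved sftp command lines. The following Python sketch is an added example, not part of HP's documentation: it resolves each option to its SSH algorithm name, fills in the mode-specific default when an option is omitted, and flags choices against a local policy. The function names, the flagged-keyword set and the sample command line are assumptions made for illustration.

```python
# Keyword -> SSH algorithm name, as listed in the parameter descriptions on this page.
CIPHER = {"3des": "3des-cbc", "aes128": "aes128-cbc",
          "aes256": "aes256-cbc", "des": "des-cbc"}
HMAC = {"md5": "hmac-md5", "md5-96": "hmac-md5-96",
        "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96"}
KEX = {"dh-group-exchange": "diffie-hellman-group-exchange-sha1",
       "dh-group1": "diffie-hellman-group1-sha1",
       "dh-group14": "diffie-hellman-group14-sha1"}
# option -> (value table, non-FIPS default, FIPS default), from the matrix.
# Assumption: the stoc options accept the same keywords as the ctos options.
OPTIONS = {
    "prefer-ctos-cipher": (CIPHER, "aes128", "aes128"),
    "prefer-ctos-hmac": (HMAC, "sha1-96", "sha1-96"),
    "prefer-kex": (KEX, "dh-group-exchange", "dh-group14"),
    "prefer-stoc-cipher": (CIPHER, "aes128", "aes128"),
    "prefer-stoc-hmac": (HMAC, "sha1-96", "sha1-96"),
}
# Assumed local audit policy (not from the page): keywords to flag.
FLAGGED = {"des", "md5", "md5-96", "dh-group1"}

def resolve(command, fips=False):
    """Map one sftp command to {option: (keyword, ssh_name, explicit, flagged)}."""
    tokens, chosen, i = command.split(), {}, 0
    while i < len(tokens):
        opt = tokens[i]
        if opt in OPTIONS:
            value = tokens[i + 1] if i + 1 < len(tokens) else None
            if value not in OPTIONS[opt][0]:
                raise ValueError(f"{opt}: unknown or missing value {value!r}")
            chosen[opt] = value
            i += 1  # skip the value token
        i += 1
    result = {}
    for opt, (table, default, fips_default) in OPTIONS.items():
        kw = chosen.get(opt, fips_default if fips else default)  # omitted -> default
        result[opt] = (kw, table[kw], opt in chosen, kw in FLAGGED)
    return result

def findings(command, fips=False):
    """Sorted 'option=keyword (ssh name)' strings for every flagged choice."""
    return sorted(f"{opt}={kw} ({name})"
                  for opt, (kw, name, _, bad) in resolve(command, fips).items() if bad)

# Constructed sample built from this page's keywords; the token order is assumed.
SAMPLE = ("sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 "
          "prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96")

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print("FLAG", line)
```

Adjust FLAGGED to match your own cryptographic policy before using the check on real command histories.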
Examples
# Connect to SFTP server 10.1.1.2, using the following algorithms:
• Preferred key exchange algorithm: dh-group1.
• Preferred encryption algorithm from server to client: aes128.
• Preferred HMAC algorithm from client to server: md5.
• Preferred HMAC algorithm from server to client: sha1-96.