R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in
non-FIPS mode, and is dh-group14 in FIPS mode.
• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
This keyword is not available in FIPS mode.
• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. This keyword is not
available in FIPS mode.
• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.
Usage guidelines
When the server uses publickey authentication to authenticate a client, the client must obtain its local
private key to generate the digital signature. In non-FIPS mode, publickey authentication uses either the
RSA or the DSA algorithm, so you must specify the public key algorithm of the client (by using the
identity-key keyword) in order to get the correct local private key.
In non-FIPS mode, the default algorithms are as follows:
• The algorithm for publickey authentication is dsa.
• The preferred client-to-server encryption algorithm is aes128.
• The preferred client-to-server HMAC algorithm is sha1-96.
• The preferred key exchange algorithm is dh-group-exchange.
• The preferred server-to-client encryption algorithm is aes128.
• The preferred server-to-client HMAC algorithm is sha1-96.
In FIPS mode, the default algorithms are as follows:
• The algorithm for publickey authentication is rsa.
• The preferred client-to-server encryption algorithm is aes128.
• The preferred client-to-server HMAC algorithm is sha1-96.
• The preferred key exchange algorithm is dh-group14.
• The preferred server-to-client encryption algorithm is aes128.
• The preferred server-to-client HMAC algorithm is sha1-96.
Examples
# Connect to SFTP server 10.1.1.2, using the following connection scheme:
• The preferred key exchange algorithm: dh-group1.
• The preferred server-to-client encryption algorithm: aes128.
• The preferred client-to-server HMAC algorithm: md5.
• The preferred server-to-client HMAC algorithm: sha1-96.
<Sysname> sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
Input Username:
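The following Python sketch is an added example, not part of the HP reference or of Comware. It resolves the algorithms an sftp command line will prefer by applying the defaults listed under Usage guidelines, reports which settings override a default, and flags a prefer-kex keyword that this page marks as not available in FIPS mode. The function name audit and the report field names are constructed for this example, and the prefer-ctos-cipher keyword name is an assumption because it does not appear in this excerpt.

```python
# Added example, not HP's code. Default tables are copied from the Usage
# guidelines above; prefer-ctos-cipher is an assumed keyword name.
COMMON = {
    "prefer-ctos-cipher": "aes128",
    "prefer-ctos-hmac": "sha1-96",
    "prefer-stoc-cipher": "aes128",
    "prefer-stoc-hmac": "sha1-96",
}
DEFAULTS = {
    "non-fips": {**COMMON, "identity-key": "dsa", "prefer-kex": "dh-group-exchange"},
    "fips": {**COMMON, "identity-key": "rsa", "prefer-kex": "dh-group14"},
}
# prefer-kex keyword -> SSH key exchange algorithm name, as given on this page.
KEX_NAMES = {
    "dh-group-exchange": "diffie-hellman-group-exchange-sha1",
    "dh-group1": "diffie-hellman-group1-sha1",
    "dh-group14": "diffie-hellman-group14-sha1",
}
# Keywords this page marks as not available in FIPS mode.
KEX_NOT_IN_FIPS = {"dh-group-exchange", "dh-group1"}
# The command from the Examples section, joined onto one line.
SAMPLE = ("<Sysname> sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 "
          "prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96")

def audit(command, mode="non-fips"):
    """Return server, effective algorithms, overrides and FIPS conflicts."""
    tokens = command.split()
    if "sftp" not in tokens or tokens[-1] == "sftp":
        raise ValueError("expected: sftp <server> [keyword value]...")
    args = tokens[tokens.index("sftp") + 1:]  # drops a leading "<Sysname>" prompt
    defaults = DEFAULTS[mode]
    effective = dict(defaults)
    i = 1
    while i < len(args):
        if args[i] in defaults:
            if i + 1 == len(args):
                raise ValueError(f"{args[i]} has no value")
            effective[args[i]] = args[i + 1]
            i += 2
        else:
            i += 1  # options not modelled in this sketch are skipped
    kex = effective["prefer-kex"]
    if kex not in KEX_NAMES:
        raise ValueError(f"unknown prefer-kex value: {kex}")
    return {
        "server": args[0],
        "effective": effective,
        "overrides": {k: v for k, v in effective.items() if v != defaults[k]},
        "kex_name": KEX_NAMES[kex],
        "fips_unavailable": [kex] if mode == "fips" and kex in KEX_NOT_IN_FIPS else [],
    }
```

Calling audit(SAMPLE, "fips") shows that the example command selects a key exchange keyword that a device in FIPS mode does not offer, while audit("sftp 10.1.1.2", "fips") shows the FIPS defaults with no conflict.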
sftp client ipv6 source
Use sftp client ipv6 source to specify the source IPv6 address or source interface for the SFTP client.










