R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference
385
• The preferred key exchange algorithm is dh-group14.
• The preferred server-to-client encryption algorithm is aes128.
• The preferred server-to-client HMAC algorithm is sha1-96.
Examples
# Log in to Stelnet server 10.214.50.51, using the following connection scheme:
• The preferred key exchange algorithm: dh-group1.
• The preferred server-to-client encryption algorithm: aes128.
• The preferred client-to-server HMAC algorithm: md5.
• The preferred server-to-client HMAC algorithm: sha1-96.
<Sysname> ssh2 10.214.50.51 prefer-kex dh-group1 prefer-stoc-cipher aes128
prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
ssh2 ipv6
Use ssh2 ipv6 to establish a connection to an IPv6 Stelnet server and specify public key algorithm, the
preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC
algorithms between the client and server.
Syntax
In non-FIPS mode:
ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer-compress { zlib | zlib-openssh } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac
{ md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } |
prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
In FIPS mode:
ssh2 ipv6 server [ port-number ] [ identity-key rsa | prefer-ctos-cipher { aes128 | aes256 } |
prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher { aes128 | aes
256 }
| prefer-stoc-hmac { sha1 | sha1-96 } ] *
Views
User view
Default command level
0: Visit level
Parameters
server: Specifies an IPv6 server by its address or host name, a case-insensitive string of 1 to 46
characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the server belongs to, where the
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the server is on the public
network, do not specify this option.
identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. In non-FIPS mode, the
algorithm is either dsa or rsa. In FIPS mode, the algorithm is rsa.
• dsa: Specifies the public key algorithm dsa.
• rsa: Specifies the public key algorithm rsa.