R2511-HP MSR Router Series Security Command Reference(V5)
prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange
in non-FIPS mode, and dh-group14 in FIPS mode.
• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
This keyword is not available in FIPS mode.
• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. This keyword is not
available in FIPS mode.
• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default algorithm is
aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default algorithm is
sha1-96.
Usage guidelines
When the server uses publickey authentication to authenticate a client, the client must use its local
private key to generate the digital signature. In non-FIPS mode, publickey authentication can use either
the RSA or the DSA algorithm, so you must specify the public key algorithm of the client (by using the
identity-key keyword) for the client to get the correct local private key.
Examples
# Connect to server 2:5::8:9, using the following connection scheme:
• The preferred key exchange algorithm is dh-group1.
• The preferred server-to-client encryption algorithm is aes128.
• The preferred client-to-server HMAC algorithm is md5.
• The preferred server-to-client HMAC algorithm is sha1-96.
<Sysname> sftp ipv6 2:5::8:9 prefer-kex dh-group1 prefer-stoc-cipher aes128
prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
Input Username:
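The following Python helper is an added example, not part of the HP documentation. It resolves the algorithms an sftp command line will prefer, using the defaults and FIPS restrictions stated in the parameter descriptions above, and flags choices a reviewer would question. The function names and the WEAK policy table are assumptions of this example, and the second command line is constructed.

```python
# Added example: audit Comware "sftp" client command lines for algorithm choices.
# Defaults and FIPS restrictions come from the parameter descriptions above;
# client-to-server defaults are omitted because this page does not state them.
DEFAULTS = {
    "prefer-kex": {"non-fips": "dh-group-exchange", "fips": "dh-group14"},
    "prefer-stoc-cipher": {"non-fips": "aes128", "fips": "aes128"},
    "prefer-stoc-hmac": {"non-fips": "sha1-96", "fips": "sha1-96"},
}
NOT_IN_FIPS = {"dh-group-exchange", "dh-group1"}

# Assumption: local review policy, not part of the command reference.
WEAK = {
    "dh-group1": "diffie-hellman-group1-sha1 uses a 1024-bit group",
    "md5": "HMAC-MD5 is a legacy MAC",
}

# Command from the Examples section (wrapped there over two lines).
PAGE_EXAMPLE = ("sftp ipv6 2:5::8:9 prefer-kex dh-group1 prefer-stoc-cipher aes128 "
                "prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96")
# Constructed command that relies entirely on the defaults.
DEFAULTS_ONLY = "sftp ipv6 2:5::8:9"


def effective_algorithms(command, fips=False):
    """Return keyword -> algorithm, filling unspecified keywords with defaults."""
    mode = "fips" if fips else "non-fips"
    algos = {kw: d[mode] for kw, d in DEFAULTS.items()}
    tokens = command.split()
    for kw, value in zip(tokens, tokens[1:]):
        if kw.startswith("prefer-"):
            algos[kw] = value
    return algos


def audit(command, fips=False):
    """Return findings for algorithms that are weak or unusable in this mode."""
    findings = []
    for kw, value in effective_algorithms(command, fips).items():
        if fips and value in NOT_IN_FIPS:
            findings.append(f"{kw} {value}: not available in FIPS mode")
        if value in WEAK:
            findings.append(f"{kw} {value}: {WEAK[value]}")
    return findings


if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, DEFAULTS_ONLY):
        print(cmd, "->", audit(cmd) or "no findings")
```
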
ssh client authentication server
Use ssh client authentication server on the client to configure the host public key of a specified server so
that the client can determine whether the server is trustworthy.
Use undo ssh client authentication server to remove the configuration.
Syntax
ssh client authentication server server assign publickey keyname
undo ssh client authentication server server assign publickey
Default
No host public key of a server is configured. When the client logs in to a server, it uses the IP address or
host name of the server as the public key name.
Views
System view
Default command level
2: System level










