R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

451

452

453

454

455

456

457

458

459

460

445

• sha1-96: Specifies the HMAC algorithm hmac-sha1-96.

prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange

in non-FIPS mode, and dh-group14 in FIPS mode.

• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.

This keyword is not available in FIPS mode.

• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. This keyword is not

available in FIPS mode.

• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.

prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default algorithm is

aes128.

prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default algorithm is

sha1-96.

Usage guidelines

When the client's authentication method is publickey, the client must get the local private key for digital

signature. In non-FIPS mode, because the publickey authentication uses either RSA or DSA algorithm, you

must specify the public key algorithm of the client (by using the identity-key keyword) to get the correct

local private key.

Examples

# Log in to Stelnet server 10.214.50.51, using the following connection scheme:

• The preferred key exchange algorithm is dh-group1.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is md5.

• The preferred server-to-client HMAC algorithm is sha1-96.

<Sysname> ssh2 10.214.50.51 prefer-kex dh-group1 prefer-stoc-cipher aes128

prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96

ssh2 ipv6

Use ssh2 ipv6 to establish a connection to an IPv6 Stelnet server and specify public key algorithm, the

preferred key exchange algorithm, the preferred encryption algorithms, and preferred HMAC algorithms

between the client and server.

Syntax

In non-FIPS mode:

ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |

prefer-compress { zlib | zlib-openssh } | prefer-ctos-cipher { 3des | aes128 | aes256 | des } |

prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1

| dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 |

md5-96 | sha1 | sha1-96 } ] *

In FIPS mode:

ssh2 ipv6 server [ port-number ] [ identity-key rsa | prefer-ctos-cipher { aes128 | aes256 } |

prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | pr

efer-stoc-cipher { aes128 | aes256 }

| prefer-stoc-hmac { sha1 | sha1-96 } ] *