The ssh client cipher command configures an encryption algorithm list for an SSH client.
The undo ssh client cipher command restores the default encryption algorithm list of an SSH client.
By default, an SSH client supports five encryption algorithms: AES128_CTR, and AES256_CTR.
Parameter |
Description |
Value |
|---|---|---|
aes128_ctr |
Specifies the CTR AES128 encryption algorithm. |
- |
aes256_ctr |
Specifies the CTR AES256 encryption algorithm. |
- |
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh client cipher command to configure an encryption algorithm list for the SSH client. After the SSH server receives a packet from the client, the server matches the encryption algorithm list of the client against its local list and selects the first matched encryption algorithm. If no encryption algorithm matches, the negotiation fails.
Precautions
The security levels of encryption algorithms are as follows, from high to low: aes256_ctr, aes128_ctr.
The system software does not support the aes256_cbc, aes128_cbc, 3des_cbc, and des_cbc parameters. To use these parameters, you need to install the WEAKEA plug-in. For higher security purposes, you are advised to specify the aes256_ctr or aes128_ctr parameter.