ssh client key-exchange

Usage Scenario

The client and server negotiate the key exchange algorithm used for packet transmission. You can run the ssh client key-exchange command to configure a key exchange algorithm list for the SSH client. The SSH server compares the configured key exchange algorithm list with the counterpart sent by the client and then selects the first matched key exchange algorithm for packet transmission. If the key exchange algorithm list sent by the client does not match any algorithm in the key exchange algorithm list configured on the server, the negotiation fails.

Precautions

The security levels of key exchange algorithms are as follows, from high to low: dh_group16_sha512, dh_group15_sha512, dh_group_exchange_sha256, and dh_group14_sha256. The system software does not support the dh_group_exchange_sha1, dh_group14_sha1, and dh_group1_sha1 parameters. To use the dh_group_exchange_sha1, dh_group14_sha1, or dh_group1_sha1 parameter, you need to install the WEAKEA plug-in. For higher security purposes, you are advised to use other parameters.

The higher the security level of a key exchange algorithm, the longer the time required by the device to calculate the key.