The ssh server cipher command configures an encryption algorithm list for an SSH server.
The undo ssh server cipher command restores the default encryption algorithm list of an SSH server.
By default, an SSH server supports five encryption algorithms: AES128_CTR and AES256_CTR.
Parameter | Description | Value |
---|---|---|
aes128_ctr | Specifies the CTR AES128 encryption algorithm. | - |
aes256_ctr | Specifies the CTR AES256 encryption algorithm. | - |
Usage Scenario
An SSH server and a client need to negotiate an encryption algorithm for the packets exchanged between them. You can run the ssh server cipher command to configure an encryption algorithm list for the SSH server. After the SSH server receives a packet from the client, the server matches the encryption algorithm list of the client against its local list and selects the first matched encryption algorithm. If no encryption algorithm matches, the negotiation fails.
Precautions
The security levels of encryption algorithms are as follows, from high to low: aes256_ctr, aes128_ctr.
aes256_cbc, aes128_cbc, 3des_cbc and des_cbc provide weak security. Therefore, they are not recommended in the encryption algorithm list.
The system software does not support the aes256_cbc, aes128_cbc, 3des_cbc, and des_cbc parameters. To use these parameters, you need to install the WEAKEA plug-in. For higher security, you are advised to specify the aes256_ctr or aes128_ctr parameter.
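
The negotiation described under Usage Scenario and the weak-algorithm list under Precautions can be checked from the server's SSH_MSG_KEXINIT message. The following Python sketch is an added example, not vendor code: it parses a KEXINIT payload (RFC 4253, section 7.1), applies the RFC 4253 selection rule, and reports any CBC or DES ciphers the server offers. It assumes the CLI parameters correspond to the standard wire names (for example aes128_cbc to aes128-cbc); build_kexinit and its non-cipher name-lists are constructed sample data.

```python
import struct

# Wire-name forms of the CBC/DES parameters the page calls weak (assumed mapping).
WEAK = {"aes256-cbc", "aes128-cbc", "3des-cbc", "des-cbc"}

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into its name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += n
    return out

def negotiate(client: list, server: list):
    """RFC 4253 rule: first algorithm on the client's list that the server also lists."""
    return next((c for c in client if c in server), None)

def audit(server_kexinit: bytes) -> list:
    """Return the weak ciphers the server offers in either direction."""
    k = parse_kexinit(server_kexinit)
    return sorted(WEAK & set(k["enc_c2s"] + k["enc_s2c"]))

def build_kexinit(ciphers: list) -> bytes:
    """Constructed sample KEXINIT; every list except the ciphers is a placeholder."""
    enc = ",".join(ciphers)
    lists = ["curve25519-sha256", "ssh-ed25519", enc, enc,
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    # Trailer: first_kex_packet_follows = false, reserved uint32 = 0.
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)
```

An empty result from audit() means the server advertises only ciphers outside the weak set; a None from negotiate() corresponds to the failed negotiation described above.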