The ssh client key-exchange command configures a key exchange algorithm list on an SSH client.
The undo ssh client key-exchange command restores the default configuration.
The device starts without configuration. The key exchange algorithm is customized by the product. After the undo command is executed, the SSH client uses the dh_group_exchange_sha256 key exchange algorithm by default.
Parameter | Description | Value |
---|---|---|
dh_group_exchange_sha256 | Specifies that the Diffie-hellman-group-exchange-sha256 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
dh_group_exchange_sha1 | Specifies that the Diffie-hellman-group-exchange-sha1 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
dh_group1_sha1 | Specifies that the Diffie-hellman-group1-sha1 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
ecdh_sha2_nistp256 | Specifies that the Elliptic curve Diffie-hellman-sha2-nistp256 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
ecdh_sha2_nistp384 | Specifies that the Elliptic curve Diffie-hellman-sha2-nistp384 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
ecdh_sha2_nistp521 | Specifies that the Elliptic curve Diffie-hellman-sha2-nistp521 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
sm2_kep | Specifies that the SuperMemo 2 Key Exchange Protocol algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
dh_group14_sha1 | Specifies that the Diffie-hellman-group14-sha1 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
dh_group16_sha512 | Specifies that the Diffie-hellman-group16-sha512 algorithm is contained in the key exchange algorithm list configured on the SSH client. | - |
Usage Scenario
The client and server negotiate the key exchange algorithm used for packet transmission. You can run the ssh client key-exchange command to configure a key exchange algorithm list on the SSH client. The SSH server compares the configured key exchange algorithm list with the counterpart sent by the client and then selects the first matched key exchange algorithm for packet transmission. If the key exchange algorithm list sent by the client does not match any algorithm in the key exchange algorithm list configured on the server, the negotiation fails.
This command takes effect for both IPv4 and IPv6 SSH clients.
Precautions
To ensure high security, you can use key exchange algorithms such as dh_group16_sha512.
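The negotiation described under Usage Scenario and the recommendation under Precautions can be checked offline before changing a client list. The following is an added example, not vendor code: it assumes the first keyword in the client's list that the server also lists is selected (the rule in RFC 4253 section 7.1), treats every SHA-1 based keyword as legacy as this example's own policy, and uses constructed sample lists.

```python
# Added example: keywords are the parameter names from the table on this page.
# Policy assumption of this example: every SHA-1 based keyword counts as legacy.
SHA1_BASED = {"dh_group_exchange_sha1", "dh_group1_sha1", "dh_group14_sha1"}


def negotiate(client_list, server_list):
    """Return the first client keyword the server also lists, or None on failure.

    Assumption: client preference order decides, as in RFC 4253 section 7.1.
    """
    server = set(server_list)
    for kex in client_list:
        if kex in server:
            return kex
    return None


def audit(client_list, server_list):
    """Summarise what a client list would negotiate and which legacy entries it offers."""
    chosen = negotiate(client_list, server_list)
    return {
        "chosen": chosen,
        "chosen_is_legacy": chosen in SHA1_BASED,
        "legacy_offered": [k for k in client_list if k in SHA1_BASED],
    }


# Constructed sample lists, not taken from any real device.
MODERN_SERVER = ["dh_group16_sha512", "ecdh_sha2_nistp256", "dh_group14_sha1"]
LEGACY_SERVER = ["dh_group1_sha1", "dh_group14_sha1"]

PERMISSIVE_CLIENT = ["dh_group14_sha1", "dh_group16_sha512", "dh_group1_sha1"]
HARDENED_CLIENT = ["dh_group16_sha512", "ecdh_sha2_nistp256", "dh_group_exchange_sha256"]

if __name__ == "__main__":
    for name, client in (("permissive", PERMISSIVE_CLIENT), ("hardened", HARDENED_CLIENT)):
        for peer, server in (("modern", MODERN_SERVER), ("legacy", LEGACY_SERVER)):
            print(name, "->", peer, audit(client, server))
```

With the permissive list, a SHA-1 based algorithm is selected even against the server that supports dh_group16_sha512, because it comes first in the client's list; with the hardened list, the session with the legacy-only server fails to negotiate instead of falling back.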