The ssh client cipher command configures encryption algorithms on an SSH client.
The undo ssh client cipher command restores the default encryption algorithms on an SSH client.
By default, the SSH client supports these encryption algorithms: AES128_CTR, AES256_CTR, AES192_CTR, AES128_GCM, AES256_GCM.
| Parameter | Description | Value |
|---|---|---|
| des_cbc |
Specifies a DES encryption algorithm in CBC mode. |
- |
| 3des_cbc |
Specifies a 3DES encryption algorithm in CBC mode. |
- |
| aes128_cbc |
Specifies an AES128 encryption algorithm in CBC mode. |
- |
| aes256_cbc |
Specifies an AES256 encryption algorithm in CBC mode. |
- |
| aes128_ctr |
Specifies an AES128 encryption algorithm in CTR mode. |
- |
| aes256_ctr |
Specifies an AES256 encryption algorithm in CTR mode. |
- |
| arcfour128 |
Specifies an Arcfour128 encryption algorithm. |
- |
| arcfour256 |
Specifies an Arcfour256 encryption algorithm. |
- |
| aes192_cbc |
Specifies an AES192 encryption algorithm in CBC mode. |
- |
| aes128_gcm |
Specifies an AES128 encryption algorithm in GCM mode. |
- |
| aes256_gcm |
Specifies an AES256 encryption algorithm in GCM mode. |
- |
| aes192_ctr |
Specifies an AES192 encryption algorithm in CTR mode. |
- |
Usage Scenario
To configure encryption algorithms on an SSH client, run the ssh client cipher command. The SSH client and server negotiate encryption algorithms for the packets exchanged between them. During negotiation, the client sends its encryption algorithms to the server. After comparing the received encryption algorithms with local ones, the server selects the first matching encryption algorithm received for packet transmission. If no matching encryption algorithm is found, the negotiation fails.
Precautions