The ssh server cipher command configures encryption algorithms on an SSH server.
The undo ssh server cipher command restores the default encryption algorithms on the SSH server.
By default, the SSH server supports these encryption algorithms: AES128_CTR, AES256_CTR, AES192_CTR, AES128_GCM, AES256_GCM. The SSH server supports these HMAC authentication algorithms: SHA2_512 and SHA2_256.
| Parameter | Description | Value |
|---|---|---|
| des_cbc |
Specifies the DES encryption algorithm in CBC mode. |
- |
| 3des_cbc |
Specifies the 3DES encryption algorithm in CBC mode. |
- |
| aes128_cbc |
Specifies the AES128 encryption algorithm in CBC mode. |
- |
| aes192_cbc |
Specifies the AES192 encryption algorithm in CBC mode. |
- |
| aes256_cbc |
Specifies the AES256 encryption algorithm in CBC mode. |
- |
| aes128_ctr |
Specifies the AES128 encryption algorithm in CTR mode. |
- |
| aes256_ctr |
Specifies the AES256 encryption algorithm in CTR mode. |
- |
| arcfour128 |
Specifies the Arcfour128 encryption algorithm. |
- |
| arcfour256 |
Specifies the Arcfour256 encryption algorithm. |
- |
| blowfish_cbc |
Specifies the Blowfish encryption algorithm in CBC mode. |
- |
| aes128_gcm |
Specifies the AES128 encryption algorithm in GCM mode. |
- |
| aes256_gcm |
Specifies the AES256 encryption algorithm in GCM mode. |
- |
| aes192_ctr |
Specifies the AES192 encryption algorithm in CTR mode. |
- |
Usage Scenario
To configure encryption algorithms on an SSH server, run the ssh server cipher command. The SSH client and server negotiate encryption algorithms for the packets exchanged between them. During negotiation, the client sends the specified encryption algorithms to the server. After comparing the received encryption algorithms with the local ones, the server selects the first matching encryption algorithm received for packet transmission. If no matching encryption algorithm is found, the negotiation fails.
Precautions