Specifying SSH Encryption Ciphers
The SSH Configuration mode ciphers CLI command configures the cipher priority list in sshd for SSH
symmetric encryption. It changes the cipher options for that context.
Step 1
Enter the SSH Configuration mode.
[local]host_name(config-ctx)# server sshd
Step 2
Specify the desired encryption algorithms.
[local]host_name(config-sshd)# ciphers algorithm
Notes:
•
algorithm is a string of 1 through 511 alphanumeric characters that specifies the algorithm(s) to be used as a single
string of comma-separated variables (no spaces) in priority order from those shown below:
• blowfish-cbc – symmetric-key block cipher, Cipher Block Chaining, (CBC)
• 3des-cbc – Triple Data Encryption Standard, CBC
• aes128-cbc – Advanced Encryption Standard (AES), 128-bit key size, CBC
• aes128-ctr – AES, 128-bit key size, Counter-mode encryption (CTR)
• aes192-ctr – AES, 192-bit key size, CTR
• aes256-ctr – AES, 256-bit key size, CTR
• aes128-gcm@openssh.com – AES, 128-bit key size, Galois Counter Mode [GCM], OpenSSH
• aes256-gcm@openssh.com – AES, 256-bit key size, GCM, OpenSSH
• chacha20-poly1305@openssh.com – ChaCha20 symmetric cipher, Poly1305 cryptographic Message
Authentication Code [MAC], OpenSSH
The default string for algorithm is:
blowfish-cbc,3des-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,
aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
Step 3
Exit the SSH Configuration mode.
[local]host_name(config-sshd)# end
[local]host_name#
ASR 5500 Installation Guide
108
Initial System Configuration
Specifying SSH Encryption Ciphers
To Next Page
Loading...
