HP FlexFabric 7900 Series Command Reference Manual page 212
Security
Hide thumbs
Also See for FlexFabric 7900 Series:
- Command reference manual (294 pages) ,
- Configuration manual (165 pages) ,
- Installation manual (58 pages)
Table of Contents
Advertisement
sha1: Specifies the HMAC algorithm hmac-sha1.
•
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in
non-FIPS mode and dh-group14 in FIPS mode. Algorithm dh-group14 features stronger security but costs
more time in calculation than dh-group1.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
•
dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
•
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
dscp dscp-value: Specifies the DSCP value in the IPv4 SSH packets sent by the SSH client, in the range
of 0 to 63. The default value is 48. The DSCP value determines the transmission priority of the packet.
publickey keyname: Specifies the host public key of the server, which is used to authenticate the server.
The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IP address or source interface to connect to the server. By default, the packet
to send gets the primary IP address of its outbound interface from the routing table and uses it as the
source IP address. To avoid the communication failure between the client and the server due to interface
faults, use the specified loopback interface as the source interface, and either IP address of the two
interfaces as the source IP address.
interface interface-type interface-number: Specifies a source interface by its type and number. The
primary IPv4 address of this interface is the source IP address to send packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
When the server adopts publickey authentication to authenticate a client, the client must get the local
private key for digital signature. Because publickey authentication uses either RSA or DSA algorithm, you
must specify a public key algorithm (by using the identity-key keyword) in order to get the correct data
for the local private key.
Examples
# Establish a connection to the IPv4 Stelnet server 3.3.3.3 and specify the public key of the server as
svkey. The Stelnet client uses publickey authentication. Use the following algorithms:
Preferred key exchange algorithm is dh-group14.
•
Preferred server-to-client encryption algorithm is aes128.
•
Preferred client-to-server HMAC algorithm is sha1.
•
•
Preferred server-to-client HMAC algorithm is sha1-96.
Preferred compression algorithm between the server and client is zlib.
•
<Sysname> ssh2 3.3.3.3 prefer-kex dh-group14 prefer-stoc-cipher aes128 prefer-ctos-hmac
sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey
205
Advertisement
Table of Contents
