Table of Contents
Advertisement
sha2-256 | sha2-512 } | prefer-kex { dh-group-exchange-sha1 | dh-group1-sha1 |
dh-group14-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 } | prefer-stoc-cipher { 3des-cbc |
aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm |
des-cbc } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 | sha2-256 | sha2-512 } ] * [ dscp
dscp-value | escape character | { public-key keyname | server-pki-domain domain-name } |
source { interface interface-type interface-number | ip ip-address } ] *
In FIPS mode:
ssh2
server
{ ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | rsa | { x509v3-ecdsa-sha2-nistp256 |
x509v3-ecdsa-sha2-nistp384 } pki-domain domain-name } | prefer-compress zlib |
prefer-ctos-cipher { aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc |
aes256-ctr | aes256-gcm } | prefer-ctos-hmac { sha1 | sha1-96 | sha2-256 | sha2-512 } |
prefer-kex { dh-group14-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 } | prefer-stoc-cipher
{ aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm } |
prefer-stoc-hmac { sha1 | sha1-96 | sha2-256 | sha2-512 } ] * [ escape character | { public-key
keyname | server-pki-domain domain-name } | source { interface interface-type interface-number
| ip ip-address } ] *
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
server: Specifies a server by its IPv4 address or host name, a case-insensitive string of 1 to 253
characters.
port-number: Specifies the port number of the server, in the range 1 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the server belongs.
The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to
31 characters.
identity-key: Specifies a public key algorithm for publickey authentication of the client. The default is
dsa in non-FIPS mode and is rsa in FIPS mode. If the server uses publickey authentication, you
must specify this keyword. The client generates the digital signature or certificate by using the local
private key that is associated with the specified algorithm.
•
dsa: Specifies the public key algorithm dsa.
•
ecdsa-sha2-nistp256: Specifies the ECDSA algorithm with 256-bit key strength.
•
ecdsa-sha2-nistp384: Specifies the ECDSA algorithm with 384-bit key strength.
•
rsa: Specifies the public key algorithm rsa.
•
x509v3-ecdsa-sha2-nistp256: Specifies the public key algorithm
x509v3-ecdsa-sha2-nistp256.
•
x509v3-ecdsa-sha2-nistp384: Specifies the public key algorithm
x509v3-ecdsa-sha2-nistp384.
•
pki-domain domain-name: Specifies the PKI domain of the client's certificate. The
domain-name argument is a case-insensitive string of 1 to 31 characters. When the x509v3
public key algorithm is used, you must specify this option for the client to get the correct local
certificate.
prefer-compress: Specifies the preferred compression algorithm for data compression between the
server and the client. By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
[
port-number
]
[
vpn-instance
vpn-instance-name
490
]
[
identity-key
Advertisement
Table of Contents
