Table of Contents
Advertisement
suite-b: Specifies the Suite B algorithms. If neither the 128-bit keyword nor the 192-bit keyword is
specified, all algorithms in Suite B are used. For more information about the Suite B algorithms, see
Table
69.
128-bit: Specifies the 128-bit Suite B security level.
192-bit: Specifies the 192-bit Suite B security level.
pki-domain domain-name: Specifies the PKI domain of the client's certificate. The domain-name
argument represents the PKI domain name, a case-insensitive string of 1 to 31 characters. Invalid
characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:), dots (.), angle
brackets (< >), quotation marks ("), and apostrophes (').
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:),
dots (.), angle brackets (< >), quotation marks ("), and apostrophes ('). If you do not specify the
server's PKI domain, the client uses the PKI domain of its own certificate to verify the server's
certificate.
prefer-compress: Specifies the preferred compression algorithm for data compression between the
server and the client. By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
dscp dscp-value: Specifies the DSCP value in the IPv4 SSH packets. The value range for the
dscp-value argument is 0 to 63, and the default value is 48. The DSCP value determines the
transmission priority of the packet.
escape character: Specifies a case-sensitive escape character. By default, the escape character is a
tilde (~).
source: Specifies a source IP address or source interface for SSH packets. By default, the device
uses the primary IPv4 address of the output interface in the routing entry as the source address of
SSH packets. As a best practice to ensure successful Stelnet connections, specify a loopback
interface as the source interface or specify the IPv4 address of the interface as the source IPv4
address.
•
interface interface-type interface-number: Specifies a source interface by its type and number.
The primary IPv4 address of this interface is the source IPv4 address of the SSH packets.
•
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
Table 69 Suite B algorithms
Security
level
128-bit
192-bit
Both
The combination of an escape character and a dot (.) works as an escape sequence. This escape
sequence is typically used to quickly terminate an SSH connection when the server reboots or
malfunctions.
For the escape sequence to take effect, you must enter it at the very beginning of a line. If you have
entered other characters or performed operations in a line, enter the escape sequence in the next
line. As a best practice, use the default escape character (~). Do not use any character in SSH
usernames as the escape character.
Key exchange
algorithm
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp256
ecdh-sha2-nistp384
Encryption algorithm
and HMAC algorithm
aes128-gcm
aes256-gcm
aes128-gcm
aes256-gcm
498
Public key algorithm
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
Advertisement
Table of Contents
