HP 6125XLG Command Reference Manual page 202

Predefined user roles
network-admin
Parameters
server: Specifies a server by its IPv4 address or host name, a case-insensitive string of 1 to 253
characters.
port-number: Specifies the port number of the server, in the range 1 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance that the server belongs to, where
vpn-instance-name is a case-sensitive string of 1 to 31 characters.
identity-key: Specifies the public key algorithm for the client, either dsa or rsa. The default is dsa. If the
server uses publickey authentication, this keyword must be specified.
dsa: Specifies the public key algorithm dsa.
•
rsa: Specifies the public key algorithm rsa.
•
prefer-compress: Specifies the preferred compression algorithm between the server and the client. By
default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
prefer-ctos-cipher: Specifies the preferred client-to-server encryption algorithm. The default is aes128.
Algorithms des, 3des, aes128, and aes256 are arranged in ascending order in the aspects of security
strength and calculation time.
3des: Specifies the encryption algorithm 3des-cbc.
•
aes128: Specifies the encryption algorithm aes128-cbc.
•
aes256: Specifies the encryption algorithm aes256-cbc.
•
des: Specifies the encryption algorithm des-cbc.
•
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1.
Algorithm sha1 features stronger security but costs more time in calculation than md5.
md5: Specifies the HMAC algorithm hmac-md5.
•
• md5-96: Specifies the HMAC algorithm hmac-md5-96.
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
•
prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange
in non-FIPS mode and is dh-group14 in FIPS mode. Algorithm dh-group14 features stronger security but
costs more time in calculation than dh-group1.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
•
• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
•
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
publickey keyname: Specifies the host public key of the server, which is used to authenticate the server.
The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IP address or source interface to connect to the server. By default, the packet
to send gets the primary IP address of its outbound interface from the routing table and uses it as the
source IP address. To avoid the communication failure between the client and the server due to interface
193