Configuring Ssh Key Generation Wait Time; Specifying Ssh Encryption Ciphers - Cisco ASR 5000 Administration Manual

SSH Keys

Configuring SSH Key Generation Wait Time

SSH keys can only be generated after a configurable time interval has expired since the last key generation.
The ssh key-gen wait-time command specifies this wait time in seconds. The default interval is 300 seconds
(5 minutes).
Step 1
Enter the context configuration mode.
host_name
[local]
[local]host_name(config-ctx)#
Step 2 Specify the wait time interval.
host_name
[local]
host_name
[local]
Notes:
• seconds is specified as an integer from 0 through 86400. Default = 300

Specifying SSH Encryption Ciphers

The SSH Configuration mode ciphers CLI command configures the cipher priority list in sshd for SSH
symmetric encryption. It changes the cipher options for that context.
Step 1 Enter the SSH Configuration mode.
host_name
[local]
Step 2 Specify the desired encryption algorithms.
host_name
[local]
Notes:
• algorithm is a string of 1 through 511 alphanumeric characters that specifies the algorithm(s) to be used as a single
string of comma-separated variables (no spaces) in priority order from those shown below:
• blowfish-cbc – symmetric-key block cipher, Cipher Block Chaining, (CBC)
• 3des-cbc – Triple Data Encryption Standard, CBC
• aes128-cbc – Advanced Encryption Standard (AES), 128-bit key size, CBC
• aes128-ctr – AES, 128-bit key size, Counter-mode encryption (CTR)
• aes192-ctr – AES, 192-bit key size, CTR
• aes256-ctr – AES, 256-bit key size, CTR
• aes128-gcm@openssh.com – AES, 128-bit key size, Galois Counter Mode [GCM], OpenSSH
• aes256-gcm@openssh.com – AES, 256-bit key size, GCM, OpenSSH
ASR 5000 System Administration Guide, StarOS Release 21.1
28
context context_name
(config)#
ssh key-gen wait-time seconds
(config-ctx)#
(config-ctx)#
server sshd
(config-ctx)#
ciphers algorithm
(config-sshd)#
Getting Started