prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in
non-FIPS mode, and is dh-group14 in FIPS mode.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
•
This keyword is not available in FIPS mode.
dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.This keyword is not
•
available in FIPS mode.
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
•
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.
Usage guidelines
When the server adopts publickey authentication to authenticate a client, the client must get the local
private key for digital signature. In non-FIPS mode, because the publickey authentication uses either RSA
or DSA algorithm, you must specify the public key algorithm of the client (by using the identity-key
keyword) in order to get the correct local private key.
In non-FIPS mode, the default algorithms are as follows:
The algorithm for publickey authentication is dsa.
•
The preferred client-to-server encryption algorithm is aes128.
•
•
The preferred client-to-server HMAC algorithm is sha1-96.
The preferred key exchange algorithm is dh-group-exchange.
•
The preferred server-to-client encryption algorithm is aes128.
•
The preferred server-to-client HMAC algorithm is sha1-96.
•
In FIPS mode, the default algorithms are as follows:
The algorithm for publickey authentication is rsa.
•
The preferred client-to-server encryption algorithm is aes128.
•
•
The preferred client-to-server HMAC algorithm is sha1-96.
The preferred key exchange algorithm is dh-group14.
•
The preferred server-to-client encryption algorithm is aes128.
•
•
The preferred server-to-client HMAC algorithm is sha1-96.
Examples
# Connect to SFTP server 10.1.1.2, using the following connection scheme:
•
The preferred key exchange algorithm: dh-group1.
The preferred server-to-client encryption algorithm: aes128.
•
The preferred client-to-server HMAC algorithm: md5.
•
•
The preferred server-to-client HMAC algorithm: sha1-96.
<Sysname> sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac
md5 prefer-stoc-hmac sha1-96
Input Username:
sftp client ipv6 source
Use sftp client ipv6 source to specify the source IPv6 address or source interface for the SFTP client.
376