HPE FlexNetwork HSR6800 Security Command Reference page 374

prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.
Usage guidelines
When the client's authentication method is publickey, the client must get the local private key for
digital signature. In non-FIPS mode, because the publickey authentication uses either RSA or DSA
algorithm, you must specify the public key algorithm of the client (by using the identity-key keyword)
to get the correct local private key.
In non-FIPS mode, the default algorithms are as follows:
•
The algorithm for publickey authentication is dsa.
•
The preferred client-to-server encryption algorithm is aes128.
•
The preferred client-to-server HMAC algorithm is sha1-96.
•
The preferred key exchange algorithm is dh-group-exchange.
•
The preferred server-to-client encryption algorithm is aes128.
•
The preferred server-to-client HMAC algorithm is sha1-96.
In FIPS mode, the default algorithms are as follows:
•
The algorithm for publickey authentication is rsa.
•
The preferred client-to-server encryption algorithm is aes128.
•
The preferred client-to-server HMAC algorithm is sha1-96.
•
The preferred key exchange algorithm is dh-group14.
•
The preferred server-to-client encryption algorithm is aes128.
•
The preferred server-to-client HMAC algorithm is sha1-96.
Examples
# Log in to Stelnet server 2000::1, using the following connection scheme:
•
The preferred key exchange algorithm is dh-group1.
•
The preferred server-to-client encryption algorithm is aes128.
•
The preferred client-to-server HMAC algorithm is md5.
•
The preferred server-to-client HMAC algorithm is sha1-96.
<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group1 prefer-stoc-cipher aes128
prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
361