Specifying Mac Algorithms For Ssh2; Displaying And Maintaining Ssh - HPE FlexNetwork 10500 Series Security Configuration Manual

Step
2. Specify encryption
algorithms for SSH2.

Specifying MAC algorithms for SSH2

Step
1. Enter system view.
2. Specify MAC algorithms for
SSH2.

Displaying and maintaining SSH

Execute display commands in any view.
Task
Display the source IP address configured for
the SFTP client.
Display the source IP address configured for
the Stelnet client.
Display SSH server status or sessions.
Display SSH user information on the SSH
server.
Command
•
In non-FIPS mode:
ssh2 algorithm cipher
{ 3des-cbc | aes128-cbc |
aes128-ctr | aes128-gcm |
aes192-ctr | aes256-cbc |
aes256-ctr | aes256-gcm |
des-cbc } *
•
In FIPS mode:
ssh2 algorithm cipher
{ aes128-cbc | aes128-ctr |
aes128-gcm | aes192-ctr |
aes256-cbc | aes256-ctr |
aes256-gcm } *
Command
system-view
•
In non-FIPS mode:
ssh2 algorithm mac { md5 |
md5-96 | sha1 | sha1-96 |
sha2-256 | sha2-512 } *
•
In FIPS mode:
ssh2 algorithm mac { sha1
| sha1-96 | sha2-256 |
sha2-512 } *
Command
display sftp client source
display ssh client source
display ssh server { session | status }
display ssh user-information [ username ]
424
Remarks
•
In non-FIPS mode:
By default, SSH2 uses the
encryption algorithms
aes128-ctr, aes192-ctr,
aes256-ctr, aes128-gcm,
aes256-gcm, aes128-cbc,
3des-cbc, aes256-cbc, and
des-cbc in descending order
of priority for algorithm
negotiation.
•
In FIPS mode:
By default, SSH2 uses the
encryption algorithms
aes128-ctr, aes192-ctr,
aes256-ctr, aes128-gcm,
aes256-gcm, aes128-cbc,
and aes256-cbc in
descending order of priority
for algorithm negotiation.
Remarks
N/A
•
In non-FIPS mode:
By default, SSH2 uses the
MAC algorithms sha2-256,
sha2-512, sha1, md5,
sha1-96, and md5-96 in
descending order of priority
for algorithm negotiation.
•
In FIPS mode:
By default, SSH2 uses the
MAC algorithms sha2-256,
sha2-512, sha1, and
sha1-96 in descending order
of priority for algorithm
negotiation.