HP FlexNetwork MSR Series Command Reference Manual page 642
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
destination-file-name: Specifies the name of the target file. If you do not specify this argument, the
target file uses the same file name as the source file.
identity-key: Specifies a public key algorithm for the client. The default is dsa in non-FIPS mode and
is rsa in FIPS mode. If the server uses publickey authentication, you must specify this keyword. The
client generates the digital signature by using the local private key that is associated with the
specified algorithm.
•
dsa: Specifies the public key algorithm dsa.
•
ecdsa: Specifies the public key algorithm ecdsa.
•
rsa: Specifies the public key algorithm rsa.
prefer-compress: Specifies the preferred compression algorithm between the server and the client.
By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
prefer-ctos-cipher: Specifies the preferred client-to-server encryption algorithm. The default is
aes128-cbc. Supported algorithms are des-cbc, 3des-cbc, aes128-cbc, and aes256-cbc, in
ascending order of security strength and computation time.
•
3des-cbc: Specifies the encryption algorithm 3des-cbc.
•
des-cbc: Specifies the encryption algorithm des-cbc.
•
aes128-cbc: Specifies the encryption algorithm aes128-cbc.
•
aes256-cbc: Specifies the encryption algorithm aes256-cbc.
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1.
Algorithms sha1 and sha1-96 provide stronger security but cost more computation time than
algorithms md5 and md5-96.
•
md5: Specifies the HMAC algorithm hmac-md5.
•
md5-96: Specifies the HMAC algorithm hmac-md5-96.
•
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex:
Specifies
dh-group-exchange-sha1 in non-FIPS mode and dh-group14-sha1 in FIPS mode.
•
dh-group-exchange-sha1: Specifies the key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1: Specifies the key exchange algorithm diffie-hellman-group14-sha1. The
algorithm dh-group14-sha1 provides stronger security but costs more computation time than
the algorithm dh-group1-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128-cbc. Supported algorithms are the same as the client-to-server encryption algorithms (see
the prefer-ctos-cipher keyword).
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
Supported algorithms are the same as the client-to-server HMAC algorithms (see the
prefer-ctos-hmac keyword).
public-key keyname: Specifies the host public key of the server that the client uses to authenticate
the server. The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IPv4 address or source interface for SCP packets. By default, the device
uses the primary IPv4 address of the output interface in the routing entry as the source IPv4 address
of SCP packets. As a best practice to ensure successful IPv4 SCP connections, specify a loopback
interface or dialer interface as the source interface or specify that interface's IPv4 address as the
source IPv4 address.
the
preferred
key
624
exchange
algorithm.
The
default
is
Advertisement
