HP FlexNetwork MSR Series Command Reference Manual page 650
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1.
Algorithms sha1 and sha1-96 provide stronger security but cost more computation time than
algorithms md5 and md5-96.
•
md5: Specifies the HMAC algorithm hmac-md5.
•
md5-96: Specifies the HMAC algorithm hmac-md5-96.
•
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex:
dh-group-exchange-sha1 in non-FIPS mode and dh-group14-sha1 in FIPS mode.
•
dh-group-exchange-sha1: Specifies the key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1: Specifies the key exchange algorithm diffie-hellman-group14-sha1. The
algorithm dh-group14-sha1 provides stronger security but costs more computation time than
the algorithm dh-group1-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128-cbc. Supported algorithms are the same as the client-to-server encryption algorithms (see
the prefer-ctos-cipher keyword).
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
Supported algorithms are the same as the client-to-server HMAC algorithms (see the
prefer-ctos-hmac keyword).
dscp dscp-value: Specifies the DSCP value in the IPv6 SFTP packets. The value range for the
dscp-value argument is 0 to 63, and the default value is 48. The DSCP value determines the
transmission priority of the packet.
public-key keyname: Specifies the host public key of the server that the client uses to authenticate
the server. The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IPv6 address or source interface for IPv6 SFTP packets. By default, the
device automatically selects a source IPv6 address for IPv6 SFTP packets in compliance with RFC
3484. As a best practice to ensure successful IPv6 SFTP connections, specify a loopback interface
or dialer interface as the source interface or specify that interface's IPv6 address as the source IPv6
address.
interface interface-type interface-number: Specifies a source interface by its type and number. The
IPv6 address of this interface is the source IP address of the IPv6 SFTP packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Examples
# Connect an SFTP client to the IPv6 SFTP server 2000::1 and specify the public key of the server
as svkey. The SFTP client uses publickey authentication. Use the following algorithms:
•
Preferred key exchange algorithm: dh-group14-sha1.
•
Preferred server-to-client encryption algorithm: aes128-cbc.
•
Preferred client-to-server HMAC algorithm: sha1.
•
Preferred server-to-client HMAC algorithm: sha1-96.
•
Preferred compression algorithm: zlib.
<Sysname> sftp ipv6 2000::1 prefer-kex dh-group14-sha1 prefer-stoc-cipher aes128-cbc
prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib public-key svkey
Username:
Specifies
the
preferred
key
exchange
632
algorithm.
The
default
is
Advertisement
