HP FlexNetwork MSR Series Command Reference Manual page 656
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex:
dh-group-exchange-sha1 in non-FIPS mode and dh-group14-sha1 in FIPS mode.
•
dh-group-exchange-sha1: Specifies the key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1: Specifies the key exchange algorithm diffie-hellman-group14-sha1. The
algorithm dh-group14-sha1 provides stronger security but costs more computation time than
the algorithm dh-group1-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128-cbc. Supported algorithms are the same as the client-to-server encryption algorithms (see
the prefer-ctos-cipher keyword).
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
Supported algorithms are the same as the client-to-server HMAC algorithms (see the
prefer-ctos-hmac keyword).
dscp dscp-value: Specifies the DSCP value in the IPv6 SSH packets. The value range for the
dscp-value argument is 0 to 63, and the default value is 48. The DSCP value determines the
transmission priority of the packet.
escape character: Specifies a case-sensitive escape character. By default, the escape character is a
tilde (~).
public-key keyname: Specifies the server by its host public key that the client uses to authenticate
the server. The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IPv6 address or source interface for IPv6 SSH packets. By default, the
device automatically selects a source IPv6 address for IPv6 SSH packets in compliance with RFC
3484. As a best practice to ensure successful IPv6 Stelnet connections, specify a loopback interface
or dialer interface as the source interface or specify that interface's IPv6 address as the source IPv6
address.
interface interface-type interface-number: Specifies a source interface by its type and number. The
IPv6 address of this interface is the source IP address of the IPv6 SSH packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
The combination of an escape character and a dot (.) works as an escape sequence. This escape
sequence is typically used to quickly terminate an SSH connection when the server reboots or
malfunctions.
For the escape sequence to take effect, you must enter it at the very beginning of a line. If you have
entered other characters or performed operations in a line, enter the escape sequence in the next
line.
As a best practice, use the default escape character (~). Do not use any characters in SSH
usernames as the escape character.
Examples
# Establish a connection to the IPv6 Stelnet server 2000::1 and specify the public key of the server
as svkey. The SSH client uses publickey authentication. Specify the dollar sign ($) as the escape
character. Use the following algorithms:
•
Preferred key exchange algorithm: dh-group14-sha1.
•
Preferred server-to-client encryption algorithm: aes128-cbc.
•
Preferred client-to-server HMAC algorithm: sha1.
•
Preferred server-to-client HMAC algorithm: sha1-96.
•
Preferred compression algorithm: zlib.
Specifies
the
preferred
key
exchange
638
algorithm.
The
default
is
Advertisement
