Table of Contents
Advertisement
•
3des-cbc: Specifies the encryption algorithm 3des-cbc.
•
aes128-cbc: Specifies the encryption algorithm aes128-cbc.
•
aes128-ctr: Specifies the encryption algorithm aes128-ctr.
•
aes128-gcm: Specifies the encryption algorithm aes128-gcm.
•
aes192-ctr: Specifies the encryption algorithm aes192-ctr.
•
aes256-cbc: Specifies the encryption algorithm aes256-cbc.
•
aes256-ctr: Specifies the encryption algorithm aes256-ctr.
•
aes256-gcm: Specifies the encryption algorithm aes256-gcm.
•
des-cbc: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is
sha2-256. Supported algorithms are md5, md5-96, sha1, sha1-96, sha2-256, and sha2-512, in
ascending order of security strength and computation time.
•
md5: Specifies the HMAC algorithm hmac-md5.
•
md5-96: Specifies the HMAC algorithm hmac-md5-96.
•
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
•
sha2-256: Specifies the HMAC algorithm hmac-sha2-256.
•
sha2-512: Specifies the HMAC algorithm hmac-sha2-512.
prefer-kex: Specifies the preferred key exchange algorithm. The default is ecdh-sha2-nistp256.
Supported algorithms are dh-group-exchange-sha1, dh-group1-sha1, dh-group14-sha1,
ecdh-sha2-nistp256, and ecdh-sha2-nistp384, in ascending order of security strength and
computation time.
•
dh-group-exchange-sha1: Specifies the key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
•
ecdh-sha2-nistp256: Specifies the key exchange algorithm ecdh-sha2-nistp256.
•
ecdh-sha2-nistp384: Specifies the key exchange algorithm ecdh-sha2-nistp384.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128-ctr. Supported algorithms are the same as the client-to-server encryption algorithms (see
the prefer-ctos-cipher keyword).
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is
sha2-256. Supported algorithms are the same as the client-to-server HMAC algorithms (see the
prefer-ctos-hmac keyword).
public-key keyname: Specifies the server's host public key that the client uses to authenticate the
server. The keyname argument is a case-insensitive string of 1 to 64 characters.
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:),
dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
source: Specifies a source IPv4 address or source interface for SCP packets. By default, the device
uses the primary IPv4 address of the output interface in the routing entry as the source address of
SCP packets. As a best practice to ensure successful SCP connections, specify a loopback interface
as the source interface or specify that interface's IPv4 address as the source IPv4 address.
•
interface interface-type interface-number: Specifies a source interface by its type and number.
The IPv4 address of this interface is the source IPv4 address of the SCP packets.
•
ip ip-address: Specifies a source IPv4 address.
470
Advertisement
Table of Contents
