Configuring Encryption - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Software for E Series Broadband Services Routers System Basics Configuration Guide
ip ssh crypto
Copyright © 2010, Juniper Networks, Inc.

Configuring Encryption

The embedded SSH server and external SSH client maintain separate lists of the encryption algorithms that each supports. Lists are kept for inbound and outbound algorithms. For the server:

- Inbound means the algorithms that the server supports for information coming in from a client.
- Outbound means the algorithms that the server supports for information it sends out to a client.

You must configure each list separately. By default, all of the supported encryption algorithms are available. You need to configure encryption only if you need to remove a supported algorithm from a list or add one to it. Refer to your SSH client documentation for details on configuring encryption on your client. The system supports the following SSH algorithms for encryption:

- 3des-cbc—A triple DES block cipher with 8-byte blocks and 24 bytes of key data. The first 8 bytes of the key data are used for the first encryption, the next 8 bytes for the decryption, and the following 8 bytes for the final encryption.
- blowfish-cbc—A block cipher with 8-byte blocks and 128-bit keys that provides strong encryption and is faster than DES.
- twofish-cbc—A block cipher with 16-byte blocks and 256-bit keys that is stronger and faster than Blowfish encryption.

Although it is not recommended, you can also specify none. In this case, the system does not perform encryption.

Use the ip ssh crypto command to add an encryption algorithm to the specified support list for the SSH server.

Example 1—This example adds the blowfish-cbc algorithm to the list of supported inbound algorithms.

host1(config)#ip ssh crypto client-to-server blowfish-cbc

Example 2—This example removes the 3des-cbc algorithm from the list of supported outbound algorithms.

host1(config)#ip ssh crypto server-to-client no 3des-cbc

The default version of the command restores the specified list to the factory default, which includes all supported algorithms (3des-cbc, twofish-cbc, and blowfish-cbc). The default list does not include the none option.

Example

host1(config)#ip ssh crypto server-to-client default 3des-cbc

If you do not specify a direction (client-to-server or server-to-client), the command applies the algorithm to both inbound and outbound lists.
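The following added example (not part of the Juniper manual) replays a sequence of ip ssh crypto commands using the rules described above and reports the resulting inbound and outbound lists, flagging any list that permits none. It assumes commands are applied in the order given, that each names exactly one algorithm, and that `ip ssh crypto none` without a direction is accepted; the function names and sample commands are constructed for illustration.

```python
# Added example: models the `ip ssh crypto` rules described on this page.
FACTORY_DEFAULT = ("3des-cbc", "twofish-cbc", "blowfish-cbc")
SUPPORTED = set(FACTORY_DEFAULT) | {"none"}
# client-to-server is the server's inbound list, server-to-client its outbound list.
DIRECTIONS = {"client-to-server": "inbound", "server-to-client": "outbound"}


def effective_lists(commands):
    """Apply `ip ssh crypto` commands in order; return the resulting lists."""
    lists = {"inbound": set(FACTORY_DEFAULT), "outbound": set(FACTORY_DEFAULT)}
    for line in commands:
        # Drop a CLI prompt such as "host1(config)#" if the line was pasted with one.
        words = line.split("#", 1)[-1].split()
        if words[:3] != ["ip", "ssh", "crypto"]:
            continue  # not an SSH encryption command
        args = words[3:]
        # No direction keyword means the command applies to both lists.
        targets = list(lists)
        if args and args[0] in DIRECTIONS:
            targets = [DIRECTIONS[args.pop(0)]]
        action = args.pop(0) if args and args[0] in ("no", "default") else "add"
        if len(args) != 1 or args[0] not in SUPPORTED:
            raise ValueError(f"unrecognized algorithm in: {line!r}")
        for name in targets:
            if action == "default":
                lists[name] = set(FACTORY_DEFAULT)  # the whole list is restored
            elif action == "no":
                lists[name].discard(args[0])
            else:
                lists[name].add(args[0])
    return lists


def findings(lists):
    """Flag lists that permit an unencrypted session or contain no algorithm."""
    out = []
    for name in ("inbound", "outbound"):
        if "none" in lists[name]:
            out.append(f"{name}: 'none' is enabled, sessions may be unencrypted")
        if not lists[name]:
            out.append(f"{name}: list is empty")
    return out


# Constructed sample input (not taken from a real router).
SAMPLE = [
    "host1(config)#ip ssh crypto server-to-client no 3des-cbc",
    "host1(config)#ip ssh crypto none",
    "host1(config)#ip ssh crypto client-to-server default 3des-cbc",
]

if __name__ == "__main__":
    result = effective_lists(SAMPLE)
    print(result, findings(result))
```

In the sample, the final default command resets only the inbound list, so none remains enabled on the outbound list and is the single finding reported.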
Chapter 7: Passwords and Security
This manual is also suitable for:

Junose 11.3
