HP 6125XLG Command Reference Manual page 193
Blade switch security command reference
Hide thumbs
Also See for 6125XLG:
- Layer 3 - ip routing configuration manual (492 pages) ,
- Command reference manual (466 pages) ,
- Configuration manual (414 pages)
Table of Contents
Advertisement
des: Specifies the encryption algorithm des-cbc.
•
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1.
Algorithm sha1 features stronger security but costs more time in calculation than md5.
md5: Specifies the HMAC algorithm hmac-md5.
•
md5-96: Specifies the HMAC algorithm hmac-md5-96.
•
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
•
prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange
in non-FIPS mode and is dh-group14 in FIPS mode.
Algorithm dh-group14 features stronger security but costs more time in calculation than dh-group1.
dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
•
dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
•
dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.
prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1.
publickey keyname: Specifies the host public key of the sever, which is used to authenticate the server.
The keyname argument is a case-insensitive string of 1 to 64 characters.
source: Specifies a source IPv6 address or source interface to connect to the server. By default, the device
automatically selects a source IPv6 address based on the routing entry. To avoid the communication
failure between the client and the server due to interface faults, use the specified loopback interface as
the source interface, and IPv6 address of this interface as the source IPv6 address.
interface interface-type interface-number: Specifies a source interface by its type and number. The IPv6
address of this interface is the source IPv6 address to send packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
When the client's authentication method is publickey, the client must get the local private key for digital
signature. Because the publickey authentication uses either RSA or DSA algorithm, you must specify an
algorithm (by using the identity-key keyword) in order to get the correct data for the local private key.
Examples
# Connect an SCP client to the SCP server 2000::1, specify the public key of the server as svkey, and
download the file abc.txt from the server. The SCP client uses publickey authentication. Use the following
algorithms:
Preferred key exchange algorithm: dh-group14.
•
•
Preferred server-to-client encryption algorithm: aes128.
Preferred client-to-server HMAC algorithm: sha1.
•
Preferred server-to-client HMAC algorithm: sha1-96.
•
Preferred compression algorithm between the server and client: zlib.
•
<Sysname> scp ipv6 2000::1 get abc.txt prefer-kex dh-group14 prefer-stoc-cipher aes128
prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey
184
- Quick Links:
- Local User Commands
- Local-User
- Password
Hide quick links:
Advertisement
Table of Contents
