To configure the parameters associated with the SSH server, including secure socket layer (SSL) encryption ciphers, use the command ip ssh in Global Configuration Mode. The standard port used by SSH is 22. The SSH server allows remote and secure configuration of the switch. It provides protocol version exchange, data integrity, negotiation of cipher and key exchange algorithms between two communicating entities, a key exchange mechanism, encryption, and server authentication. The no form of the command resets the parameters associated with the SSH server. Version 2 of SSH is supported.

Parameter | Type | Description |
---|---|---|
cipher | | Enter to configure a cipher or algorithm encryption. The SSL protocol supports a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. Clients and servers may support different cipher suites, or sets of ciphers, depending on various factors such as the version of SSL they support, company policies, etc. The list of available cipher suites / lists is as follows: |
DHE_RSA_AES256_SHA256 | | Enter for DHE_RSA_AES256_SHA256: Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 |
ECDH_ECDSA_AES128_SHA256 | | Enter for ECDH_ECDSA_AES128_SHA256: Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 |
ECDH_RSA_AES128_SHA256 | | Enter for ECDH_RSA_AES128_SHA256: Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 |
ECDH_RSA_AES128_SHA256 | | Enter for ECDH_RSA_AES128_SHA256: Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA256 |
ECDH_RSA_CHACHA20_POLY1305 | | Enter for ECDH_RSA_CHACHA20_POLY1305: Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) |
ALL | | Enter for all of the ciphers. |

Global Configuration Mode
iS5Comm (config)# ip ssh cipher ECDH_RSA_CHACHA20_POLY1305 DHE_RSA_AES256_SHA256
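
The following audit script is an added example, not part of the original documentation or the vendor's tooling. It checks a saved configuration for `ip ssh cipher` lines and reports `ALL`, unrecognised keywords, and suites outside a site-approved list. It assumes the saved configuration stores the command in the form typed above; `APPROVED` is a hypothetical site policy and the sample configuration is constructed.

```python
import re

# Keywords copied from the parameter table on this page.
KNOWN_SUITES = {
    "DHE_RSA_AES256_SHA256",
    "ECDH_ECDSA_AES128_SHA256",
    "ECDH_RSA_AES128_SHA256",
    "ECDH_RSA_CHACHA20_POLY1305",
}
CIPHER_LINE = re.compile(r"^\s*ip ssh cipher\s+(.+?)\s*$")


def audit_ssh_ciphers(config_text, approved):
    """Return (line_no, keyword, issue) tuples for one saved configuration."""
    findings, seen = [], False
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = CIPHER_LINE.match(line)
        if not match:
            continue  # also skips the "no" form, which resets the setting
        seen = True
        for keyword in match.group(1).split():
            if keyword == "ALL":
                findings.append((line_no, keyword, "all-suites-enabled"))
            elif keyword not in KNOWN_SUITES:
                findings.append((line_no, keyword, "unknown-keyword"))
            elif keyword not in approved:
                findings.append((line_no, keyword, "not-approved"))
    if not seen:
        # The device default is not stated on this page, so only report it.
        findings.append((0, "", "no-explicit-cipher-line"))
    return findings


# Constructed sample configuration and a hypothetical site policy (assumptions).
SAMPLE_CONFIG = """! constructed sample
ip ssh cipher ECDH_RSA_CHACHA20_POLY1305 DHE_RSA_AES256_SHA256
"""
APPROVED = {"ECDH_RSA_CHACHA20_POLY1305", "ECDH_ECDSA_AES128_SHA256"}

if __name__ == "__main__":
    for finding in audit_ssh_ciphers(SAMPLE_CONFIG, APPROVED):
        print(finding)
```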