mac
hmac-
algorithm
Enter the keyword
mac
then a space-delimited list of hash message authentication code
(HMAC) algorithms supported by the SSH server for keying hashing for the message
authentication.
The following HMAC algorithms are available:
•
hmac-sha1
•
hmac-sha1-96
•
hmac-sha2-256
When FIPS is enabled, the default HMAC algorithm is
hmac-sha1-96
.
When FIPS is not enabled, the default HMAC algorithms are the following:
•
hmac-md5
•
hmac-md5-96
•
hmac-sha1
•
hmac-sha1-96
•
hmac-sha2-256
kex
key-exchange-
algorithm
Enter the keyword
kex
and then a space-delimited list of key exchange algorithms
supported by the SSH server.
The following key exchange algorithms are available:
•
diffie-hellman-group-exchange-sha1
•
diffie-hellman-group1-sha1
•
diffie-hellman-group14-sha1
When FIPS is enabled, the default key-exchange-algorithm is
diffie-hellman-
group14-sha1
.
When FIPS is not enabled, the default key-exchange-algorithms are the following:
•
diffie-hellman-group-exchange-sha1
•
diffie-hellman-group1-sha1,
•
diffie-hellman-group14-sha1
port
port-number
(OPTIONAL) Enter the keyword
port
then the port number of the listening port of the
SSH server. The range is from 1 to 65535. The default is
22
.
[version {1 | 2}]
(OPTIONAL) Enter the keyword
version
then the SSH version 1 or 2 to specify only
SSHv1 or SSHv2.
NOTE:
If you enable FIPS mode, you can only select version 2.
Defaults
•
Default listening port is
22
.
•
Default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr.
•
When FIPS is enabled, the default is hmac-sha1-96.
Security
1449