Cipher client and server list

The 7210 SAS supports cipher client and server lists. The user can add or remove SSH cipher algorithms in the client and server lists to control which ones are offered for negotiation. Each list is indexed, and a lower index means a higher preference in the SSH negotiation: the algorithm with the lowest index is at the top of the list presented to the peer and is negotiated first in SSH connections.

There is a separate cipher list for SSHv1 and SSHv2 for both client and server.

The default client cipher list for SSHv1 includes all supported algorithms in the following preference order:

  1. cipher 200 name 3des

  2. cipher 205 name blowfish

  3. cipher 210 name des

The default server cipher list for SSHv1 includes algorithms in the following preference order:

  1. cipher 200 name 3des

  2. cipher 205 name blowfish

The default server and client lists for SSHv2 include all supported algorithms in the following preference order:

  1. cipher 190 name aes256-ctr

  2. cipher 192 name aes192-ctr

  3. cipher 194 name aes128-ctr

  4. cipher 200 name aes128-cbc

  5. cipher 205 name 3des-cbc

  6. cipher 210 name blowfish-cbc

  7. cipher 215 name cast128-cbc

  8. cipher 220 name arcfour

  9. cipher 225 name aes192-cbc

  10. cipher 230 name aes256-cbc

  11. cipher 235 name rijndael-cbc

Use the following CLI syntax to configure the client and server cipher list.

configure system security ssh client-cipher-list  
  client-cipher-list protocol-version <version>
 <version>            : [1..2]
configure system security ssh client-cipher-list cipher  
  cipher <index> name <cipher-name>
  no cipher <index>
 <index>              : [1..255]
 <cipher-name>        : aes128-ctr|aes192-ctr|aes256-ctr|des|3des|blowfish|
                        3des-cbc|blowfish-cbc|cast128-cbc|arcfour|aes128-cbc|
                        aes192-cbc|aes256-cbc|rijndael-cbc
configure system security ssh server-cipher-list
  server-cipher-list protocol-version <version>
 <version>            : [1..2]
configure system security ssh server-cipher-list cipher
  no cipher <index>
  cipher <index> name <cipher-name>
 <index>              : [1..255]
 <cipher-name>        : aes128-ctr|aes192-ctr|aes256-ctr|des|3des|blowfish|
                        3des-cbc|blowfish-cbc|cast128-cbc|arcfour|aes128-cbc|
                        aes192-cbc|aes256-cbc|rijndael-cbc
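The following added example (not part of the original documentation or Nokia's code) parses `cipher <index> name <cipher-name>` lines into preference order, generates the `no cipher <index>` commands needed to trim a list, and shows which cipher an SSHv2 client list would negotiate against a given peer. The AES-CTR-only policy in `is_allowed` and all function names are assumptions of this example; the sample list is the default SSHv2 list from this page.

```python
import re

# Default SSHv2 list, copied from this page.
DEFAULT_SSHV2 = """
cipher 190 name aes256-ctr
cipher 192 name aes192-ctr
cipher 194 name aes128-ctr
cipher 200 name aes128-cbc
cipher 205 name 3des-cbc
cipher 210 name blowfish-cbc
cipher 215 name cast128-cbc
cipher 220 name arcfour
cipher 225 name aes192-cbc
cipher 230 name aes256-cbc
cipher 235 name rijndael-cbc
"""

CIPHER_LINE = re.compile(r"^\s*cipher\s+(\d+)\s+name\s+(\S+)\s*$")

def parse_cipher_list(text):
    """Return [(index, name)] sorted by index, i.e. in preference order."""
    entries = []
    for line in text.splitlines():
        m = CIPHER_LINE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a cipher entry
        index = int(m.group(1))
        if not 1 <= index <= 255:
            raise ValueError(f"cipher index {index} outside [1..255]")
        entries.append((index, m.group(2)))
    return sorted(entries)

def is_allowed(name):
    # Assumed policy for this example only: keep AES in CTR mode, drop the rest.
    return name.startswith("aes") and name.endswith("-ctr")

def removal_commands(entries):
    """CLI lines (syntax from this page) that remove every disallowed entry."""
    return [f"no cipher {index}" for index, name in entries if not is_allowed(name)]

def negotiated(client_entries, server_names):
    """SSHv2 rule (RFC 4253, 7.1): first client cipher the server also supports."""
    for _, name in client_entries:
        if name in server_names:
            return name
    return None  # no common cipher: the connection fails instead of downgrading
```

With the default list, a peer that supports only `aes128-cbc` and `3des-cbc` still negotiates `aes128-cbc`; after the trimmed list is applied, the same peer gets no common cipher.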