The 7210 SAS supports client and server cipher lists for SSH. The user can add or remove the SSH cipher algorithms that the client and the server negotiate. Each list is indexed, and a lower index has higher preference in the SSH negotiation: the algorithm with the lowest index is at the top of the negotiation list sent to the peer and is negotiated first in SSH connections.
There is a separate cipher list for SSHv1 and SSHv2 for both client and server.
The default client cipher list for SSHv1 includes all supported algorithms in the following preference order:
cipher 200 name 3des
cipher 205 name blowfish
cipher 210 name des
The default server cipher list for SSHv1 includes algorithms in the following preference order:
cipher 200 name 3des
cipher 205 name blowfish
The default server and client lists for SSHv2 include all supported algorithms in the following preference order:
cipher 190 name aes256-ctr
cipher 192 name aes192-ctr
cipher 194 name aes128-ctr
cipher 200 name aes128-cbc
cipher 205 name 3des-cbc
cipher 210 name blowfish-cbc
cipher 215 name cast128-cbc
cipher 220 name arcfour
cipher 225 name aes192-cbc
cipher 230 name aes256-cbc
cipher 235 name rijndael-cbc
Use the following CLI syntax to configure the client and server cipher lists.
configure system security ssh client-cipher-list
    client-cipher-list protocol-version <version>
        <version> : [1..2]
configure system security ssh client-cipher-list cipher
    cipher <index> name <cipher-name>
    no cipher <index>
        <index>       : [1..255]
        <cipher-name> : aes128-ctr|aes192-ctr|aes256-ctr|des|3des|blowfish|
                        3des-cbc|blowfish-cbc|cast128-cbc|arcfour|aes128-cbc|
                        aes192-cbc|aes256-cbc|rijndael-cbc
configure system security ssh server-cipher-list
    server-cipher-list protocol-version <version>
        <version> : [1..2]
configure system security ssh server-cipher-list cipher
    no cipher <index>
    cipher <index> name <cipher-name>
        <index>       : [1..255]
        <cipher-name> : aes128-ctr|aes192-ctr|aes256-ctr|des|3des|blowfish|
                        3des-cbc|blowfish-cbc|cast128-cbc|arcfour|aes128-cbc|
                        aes192-cbc|aes256-cbc|rijndael-cbc
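The following is an added example, not vendor code: a small Python audit that reads `cipher <index> name <cipher-name>` lines, sorts them by index to show the preference order described above, and prints the `no cipher <index>` lines for entries a local policy rejects. The policy (keep only CTR-mode AES) and the function names are assumptions of this example.

```python
import re

# Default SSHv2 cipher list, copied from the listing on this page.
DEFAULT_SSHV2 = """\
cipher 190 name aes256-ctr
cipher 192 name aes192-ctr
cipher 194 name aes128-ctr
cipher 200 name aes128-cbc
cipher 205 name 3des-cbc
cipher 210 name blowfish-cbc
cipher 215 name cast128-cbc
cipher 220 name arcfour
cipher 225 name aes192-cbc
cipher 230 name aes256-cbc
cipher 235 name rijndael-cbc
"""

# Assumption of this example (a local policy, not a vendor statement):
# keep only CTR-mode AES and flag every other cipher name for removal.
KEEP = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}
CIPHER_LINE = re.compile(r"^\s*cipher\s+(\d+)\s+name\s+(\S+)\s*$")

def parse_cipher_list(text):
    """Return (index, name) pairs sorted by index, i.e. in preference order."""
    entries = []
    for line in text.splitlines():
        match = CIPHER_LINE.match(line)
        if not match:
            continue  # skip context lines, blanks and anything else
        index = int(match.group(1))
        if not 1 <= index <= 255:  # index range given in the CLI syntax
            raise ValueError(f"cipher index out of range: {index}")
        entries.append((index, match.group(2)))
    return sorted(entries)

def audit(text):
    """Report negotiation order and the 'no cipher' lines for flagged entries."""
    ordered = parse_cipher_list(text)
    flagged = [(i, n) for i, n in ordered if n not in KEEP]
    return {
        "order": [n for _, n in ordered],
        "first_offered": ordered[0][1] if ordered else None,
        "flagged": flagged,
        "removal": [f"no cipher {i}" for i, _ in flagged],
    }

if __name__ == "__main__":
    print("\n".join(audit(DEFAULT_SSHV2)["removal"]))
```

The printed `no cipher` lines are entered in the client or server cipher list context shown in the CLI syntax above, for the protocol version being edited.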