Use the ssh command to configure SSH1 or SSH2 cipher lists. Client cipher lists are used if the 7705 SAR is acting as an SSH client, and server cipher lists are used if the 7705 SAR is acting as an SSH server.
If a 7705 SAR node is running in FIPS-140-2 mode:
- SSH1 is not supported
- for SSH2, the following ciphers are not available: blowfish-cbc, cast128-cbc, arcfour, and rijndael-cbc
config>system>security
    ssh
        client-cipher-list protocol-version version
            cipher index name cipher-name
        server-cipher-list protocol-version version
            cipher index name cipher-name
config>system>security# ssh
config>system>security>ssh# client-cipher-list protocol-version 1
config>system>security>ssh>client-cipher# cipher 10 name 3des
config>system>security>ssh>client-cipher# cipher 20 name blowfish
config>system>security>ssh>client-cipher# cipher 30 name des
config>system>security>ssh>client-cipher# exit
config>system>security>ssh# client-cipher-list protocol-version 2
config>system>security>ssh>client-cipher# cipher 2 name aes256-ctr
config>system>security>ssh>client-cipher# cipher 4 name aes192-ctr
config>system>security>ssh>client-cipher# cipher 6 name aes128-ctr
config>system>security>ssh>client-cipher# cipher 10 name aes128-cbc
config>system>security>ssh>client-cipher# cipher 20 name 3des-cbc
config>system>security>ssh>client-cipher# cipher 30 name blowfish-cbc
config>system>security>ssh>client-cipher# cipher 40 name cast128-cbc
config>system>security>ssh>client-cipher# cipher 50 name arcfour
config>system>security>ssh>client-cipher# cipher 60 name aes192-cbc
config>system>security>ssh>client-cipher# cipher 70 name aes256-cbc
config>system>security>ssh>client-cipher# cipher 80 name rijndael-cbc
config>system>security>ssh>client-cipher# exit
config>system>security>ssh# server-cipher-list protocol-version 1
config>system>security>ssh>server-cipher# cipher 10 name 3des
config>system>security>ssh>server-cipher# cipher 20 name blowfish
config>system>security>ssh>server-cipher# exit
config>system>security>ssh# server-cipher-list protocol-version 2
config>system>security>ssh>server-cipher# cipher 2 name aes256-ctr
config>system>security>ssh>server-cipher# cipher 4 name aes192-ctr
config>system>security>ssh>server-cipher# cipher 6 name aes128-ctr
config>system>security>ssh>server-cipher# cipher 10 name aes128-cbc
config>system>security>ssh>server-cipher# cipher 20 name 3des-cbc
config>system>security>ssh>server-cipher# cipher 30 name blowfish-cbc
config>system>security>ssh>server-cipher# cipher 40 name cast128-cbc
config>system>security>ssh>server-cipher# cipher 50 name arcfour
config>system>security>ssh>server-cipher# cipher 60 name aes192-cbc
config>system>security>ssh>server-cipher# cipher 70 name aes256-cbc
config>system>security>ssh>server-cipher# cipher 80 name rijndael-cbc
config>system>security>ssh>server-cipher# exit
config>system>security>ssh# exit
The following example displays both SSH1 and SSH2 client and server cipher list configurations:
A:Sar8 Dut-A>config>system>security>ssh# info detail
----------------------------------------------
    client-cipher-list protocol-version 1
        cipher 10 name 3des
        cipher 20 name blowfish
        cipher 30 name des
    exit
    client-cipher-list protocol-version 2
        cipher 2 name aes256-ctr
        cipher 4 name aes192-ctr
        cipher 6 name aes128-ctr
        cipher 10 name aes128-cbc
        cipher 20 name 3des-cbc
        cipher 30 name blowfish-cbc
        cipher 40 name cast128-cbc
        cipher 50 name arcfour
        cipher 60 name aes192-cbc
        cipher 70 name aes256-cbc
        cipher 80 name rijndael-cbc
    exit
    server-cipher-list protocol-version 1
        cipher 10 name 3des
        cipher 20 name blowfish
    exit
    server-cipher-list protocol-version 2
        cipher 2 name aes256-ctr
        cipher 4 name aes192-ctr
        cipher 6 name aes128-ctr
        cipher 10 name aes128-cbc
        cipher 20 name 3des-cbc
        cipher 30 name blowfish-cbc
        cipher 40 name cast128-cbc
        cipher 50 name arcfour
        cipher 60 name aes192-cbc
        cipher 70 name aes256-cbc
        cipher 80 name rijndael-cbc
    exit
----------------------------------------------
*A:Sar8 Dut-A>config>system>security>ssh#
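The following Python check is an added example, not part of the 7705 SAR documentation. It parses saved info detail output in the format shown above and reports the cipher list entries that conflict with the FIPS-140-2 restrictions listed earlier. The function names and the abbreviated sample input are constructed for illustration.

```python
import re
# Ciphers the page lists as not available for SSH2 in FIPS-140-2 mode.
FIPS_UNAVAILABLE_SSH2 = {"blowfish-cbc", "cast128-cbc", "arcfour", "rijndael-cbc"}
LIST_RE = re.compile(r"^(client|server)-cipher-list protocol-version (\d+)$")
CIPHER_RE = re.compile(r"^cipher (\d+) name (\S+)$")

def parse_cipher_lists(text):
    """Return {(role, version): [(index, name), ...]} from info detail output."""
    lists, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # indentation and prompt lines are not significant
        m = LIST_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            lists[current] = []
        elif line == "exit":        # closes the current cipher list context
            current = None
        elif current is not None:
            m = CIPHER_RE.match(line)
            if m:
                lists[current].append((int(m.group(1)), m.group(2)))
    return lists

def fips_findings(lists):
    """List entries that conflict with the FIPS-140-2 restrictions on this page."""
    findings = []
    for (role, version), ciphers in sorted(lists.items()):
        if version == 1:            # SSH1 is not supported in FIPS-140-2 mode
            findings.append(f"{role}: SSH1 cipher list configured (SSH1 not supported)")
            continue
        for index, name in sorted(ciphers):
            if name in FIPS_UNAVAILABLE_SSH2:
                findings.append(f"{role}: cipher {index} name {name} not available")
    return findings

# Constructed sample, abbreviated from the info detail output on this page.
SAMPLE = """\
client-cipher-list protocol-version 1
    cipher 10 name 3des
exit
server-cipher-list protocol-version 2
    cipher 2 name aes256-ctr
    cipher 30 name blowfish-cbc
    cipher 50 name arcfour
exit
"""
if __name__ == "__main__":
    for finding in fips_findings(parse_cipher_lists(SAMPLE)):
        print(finding)
```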