Use the ssh command to configure SSH2 client and server KEX algorithm lists. Client KEX algorithm lists are used if the 7705 SAR is acting as an SSH client, and server KEX algorithm lists are used if the 7705 SAR is acting as an SSH server.
If a 7705 SAR node is running in FIPS-140-2 mode:
    - SSH1 is not supported
    - for SSH2, the following KEX algorithm is not available: diffie-hellman-group1-sha1
config>system>security
    ssh
        client-kex-list
            kex index name kex-name
        server-kex-list
            kex index name kex-name
config>system>security# ssh
config>system>security>ssh# client-kex-list
config>system>security>ssh>client-kex# kex 200 name diffie-hellman-group16-sha512
config>system>security>ssh>client-kex# kex 210 name diffie-hellman-group14-sha256
config>system>security>ssh>client-kex# kex 215 name diffie-hellman-group14-sha1
config>system>security>ssh>client-kex# kex 220 name diffie-hellman-group-exchange-sha1
config>system>security>ssh>client-kex# kex 225 name diffie-hellman-group1-sha1
config>system>security>ssh>client-kex# exit
config>system>security>ssh# server-kex-list
config>system>security>ssh>server-kex# kex 200 name diffie-hellman-group16-sha512
config>system>security>ssh>server-kex# kex 210 name diffie-hellman-group14-sha256
config>system>security>ssh>server-kex# exit
config>system>security>ssh# exit
The following example displays SSH2 client and server KEX list configurations:
A:Sar8 Dut-A>config>system>security>ssh# info detail
----------------------------------------------
    client-kex-list
        kex 200 name diffie-hellman-group16-sha512
        kex 210 name diffie-hellman-group14-sha256
        kex 215 name diffie-hellman-group14-sha1
        kex 220 name diffie-hellman-group-exchange-sha1
        kex 225 name diffie-hellman-group1-sha1
    exit
    server-kex-list
        kex 200 name diffie-hellman-group16-sha512
        kex 210 name diffie-hellman-group14-sha256
        kex 215 name diffie-hellman-group14-sha1
        kex 220 name diffie-hellman-group-exchange-sha1
        kex 225 name diffie-hellman-group1-sha1
    exit
----------------------------------------------
*A:Sar8 Dut-A>config>system>security>ssh#
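The following Python script is an added example, not Nokia code. It parses saved info detail output from the ssh context and flags KEX entries that this page lists as unavailable in FIPS-140-2 mode, plus any other SHA-1 based entry under an assumed local hardening policy. The function names, the sample text and the SHA-1 policy are assumptions.

```python
import re

# Per the page: not available for SSH2 when the node runs in FIPS-140-2 mode.
FIPS_UNAVAILABLE = {"diffie-hellman-group1-sha1"}
KEX_RE = re.compile(r"^kex\s+(\d+)\s+name\s+(\S+)$")

# Constructed sample, modelled on the info detail output shown on the page.
SAMPLE = """\
client-kex-list
    kex 200 name diffie-hellman-group16-sha512
    kex 210 name diffie-hellman-group14-sha256
    kex 215 name diffie-hellman-group14-sha1
    kex 220 name diffie-hellman-group-exchange-sha1
    kex 225 name diffie-hellman-group1-sha1
exit
server-kex-list
    kex 200 name diffie-hellman-group16-sha512
    kex 210 name diffie-hellman-group14-sha256
exit
"""

def parse_kex_lists(text):
    """Return {list-name: [(index, kex-name), ...]} for both KEX lists."""
    lists, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("client-kex-list", "server-kex-list"):
            current = lists.setdefault(line, [])
        elif line == "exit":
            current = None
        elif current is not None and (m := KEX_RE.match(line)):
            current.append((int(m.group(1)), m.group(2)))
    return lists

def audit(text, fips_mode=False):
    """Return (list-name, index, kex-name, reason) for each flagged entry."""
    findings = []
    for list_name, entries in parse_kex_lists(text).items():
        for index, name in sorted(entries):
            if fips_mode and name in FIPS_UNAVAILABLE:
                findings.append((list_name, index, name, "unavailable in FIPS-140-2 mode"))
            elif name.endswith("-sha1"):
                # Assumption: local policy treats SHA-1 based KEX as a finding.
                findings.append((list_name, index, name, "SHA-1 based KEX (assumed local policy)"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, fips_mode=True):
        print(*finding, sep=" | ")
```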