Configuring SSH MAC Algorithm Lists

Use the ssh command to configure SSH2 client and server MAC algorithm lists. Client MAC algorithm lists are used if the 7705 SAR is acting as an SSH client, and server MAC algorithm lists are used if the 7705 SAR is acting as an SSH server.

Note:

If a 7705 SAR node is running in FIPS-140-2 mode:

SSH1 is not supported
for SSH2, the following MAC algorithms are not available: hmac-sha1-96, hmac-md5, hmac-ripemd160, hmac-ripemd160-openssh-com, and hmac-mda5-96

CLI Syntax:

config>system>security
    ssh
        client-mac-list 
            mac index name mac-name
        server-mac-list 
            mac index name mac-name

Example:

config>system>security# ssh
config>system>security>ssh# client-mac-list 
config>system>security>ssh>client-mac# mac 200 name hmac-sha2-512
config>system>security>ssh>client-mac# mac 210 name hmac-sha2-256
config>system>security>ssh>client-mac# mac 215 name hmac-sha1
config>system>security>ssh>client-mac# mac 220 name hmac-sha1-96
config>system>security>ssh>client-mac# mac 225 name hmac-md5
config>system>security>ssh>client-mac# mac 230 name hmac-ripemd160
config>system>security>ssh>client-mac# mac 235 name hmac-ripemd160-openssh-com
config>system>security>ssh>client-mac# mac 240 name hmac-md5-96
config>system>security>ssh>client-mac# exit
config>system>security>ssh# server-mac-list 
config>system>security>ssh>server-mac# mac 200 name hmac-sha2-512
config>system>security>ssh>server-mac# mac 210 name hmac-sha2-256
config>system>security>ssh>server-mac# exit
config>system>security>ssh# exit

The following example displays client and server MAC list configurations:

A:Sar8 Dut-A>config>system>security>ssh# info detail
----------------------------------------------
                client-mac-list
                    mac 200 name hmac-sha2-512
                    mac 210 name hmac-sha2-256
                    mac 215 name hmac-sha1
                    mac 220 name hmac-sha1-96
                    mac 225 name hmac-md5
                    mac 230 name hmac-ripemd160
                    mac 235 name hmac-ripemd160-openssh-com
                    mac 240 name hmac-md5-96
                exit
                server-mac-list
                    mac 200 name hmac-sha2-512
                    mac 210 name hmac-sha2-256
                    mac 215 name hmac-sha1
                    mac 220 name hmac-sha1-96
                    mac 225 name hmac-md5
                    mac 230 name hmac-ripemd160
                    mac 235 name hmac-ripemd160-openssh-com
                    mac 240 name hmac-md5-96
                exit
                exit
----------------------------------------------
*A:Sar8 Dut-A>config>system>security>ssh#