SSH KEX Lists

The 7705 SAR supports configurable KEX client and KEX server lists that are used to negotiate the best compatible KEX algorithm between the SSH client and SSH server. Each list contains KEX algorithms and their corresponding index values, where a lower index value has a higher preference in the SSH negotiation. The list is ordered by preference from highest to lowest. When the client and server exchange their KEX lists, the first algorithm in the client list that is also supported by the server is the algorithm that is agreed upon.

The KEX client and KEX server each have a default list that contains all supported algorithms and their corresponding indexes. See Table: Default KEX Index Values in the Security Command Reference for the default KEX index values and algorithms.

The default list can be changed by manually removing a single index or as many indexes as required using the no kex index command. The default list can also be customized by first removing an index and then redefining it for each algorithm as required (the 7705 SAR does not support customizing an index without first removing it).

Once a change has been made to the default list, the 7705 SAR uses the changed list moving forward. To go back to using the hard-coded list, the default KEX indexes must be manually re-entered with their corresponding algorithms. If all the entries in a KEX list are removed, the list will be empty and any KEX algorithm brought to the negotiation will be rejected.
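The following added example (not Nokia code) models the selection rule and the empty-list behavior described above. Because the client's preference decides the outcome, an algorithm stays negotiable on the server side until its index is removed, no matter how low it is ranked. The index values, both lists, and the function names are constructed for illustration and are not the 7705 SAR defaults.

```python
"""Model of SSH KEX selection over index-ordered lists (constructed data)."""

def ordered(kex_list):
    """Return algorithm names sorted by index; lower index = higher preference."""
    return [name for _, name in sorted(kex_list.items())]

def negotiate(client_list, server_list):
    """Pick the first client-preferred algorithm that the server also lists.

    Returns None when there is no common algorithm, which includes the case
    where every index has been removed from either list.
    """
    server_algs = set(server_list.values())
    for name in ordered(client_list):
        if name in server_algs:
            return name
    return None

def reachable(server_list, unwanted):
    """Algorithms the operator wants excluded that a client could still select.

    Client preference decides the outcome, so an algorithm is excluded only
    when its index is removed, not when it is ranked last.
    """
    return sorted(set(server_list.values()) & set(unwanted))

def remove_indexes(kex_list, indexes):
    """Model removing entries by index; returns a new list."""
    return {i: n for i, n in kex_list.items() if i not in indexes}

# Constructed server list, index -> algorithm (assumption, not product defaults).
SERVER = {
    200: "curve25519-sha256",
    210: "diffie-hellman-group16-sha512",
    215: "diffie-hellman-group14-sha256",
    220: "diffie-hellman-group14-sha1",
    225: "diffie-hellman-group1-sha1",
}
# Constructed client list that prefers an older algorithm.
LEGACY_CLIENT = {1: "diffie-hellman-group1-sha1", 2: "diffie-hellman-group14-sha256"}
# Algorithms this hypothetical operator wants excluded.
UNWANTED = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"}

if __name__ == "__main__":
    print("before:", negotiate(LEGACY_CLIENT, SERVER), reachable(SERVER, UNWANTED))
    hardened = remove_indexes(SERVER, {220, 225})
    print("after: ", negotiate(LEGACY_CLIENT, hardened), reachable(hardened, UNWANTED))
    print("empty: ", negotiate(LEGACY_CLIENT, {}))
```

Running `reachable` against an exported server list is a quick audit check: any non-empty result means a client can still steer the negotiation to that algorithm.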