Cipher client and server list

SRĀ OS supports cipher client and server lists. The user can add or remove the needed SSH cipher client/server algorithms to be negotiated. The list is an index list with the lower index having higher preference in the SSH negotiation. The lowest index algorithm in the list will be negotiated first in SSH and will be on top of the negotiation list to the peer.

There is separate cipher list for SSHv1 and SSHv2 for both client and server.

The default client cipher list for SSHv1 includes all supported algorithms with the following preference:

The default Server cipher list for SSHv1 includes algorithms in the following preference order:

The default server and client lists for SSHv2 include all supported algorithms with the following preference:

The CLI used to configure client/server cipher list is as follows:

configure system security ssh server-cipher-list
    server-cipher-list protocol-version <version>
 <version>            : [1..2]
configure system security ssh server-cipher-list protocol-version 2 ciper
    no cipher <index>
    cipher <index> name <cipher-name>
 
<index>              : [1..255]
 <cipher-name> : aes128-ctr | aes192-ctr | aes256-ctr | 3des-cbc| blowfish-cbc| 
cast128-cbc | arcfour | aes128-cbc | aes192-cbc | aes256-cbc | rijndael-cbc