add ssh-<encryption-category> algorithm <algorithm>

In the R81.10.X releases, this command is available starting from the R81.10.05 version.

Description

Starting in R81.10.x, OpenSSH is used for the SSH server (sshd) instead of Dropbear. OpenSSH enables you to configure which encryption algorithms to use for each stage of the connection, using a config file. Add algorithms from a predefined list.

These are the encryption categories, each with multiple supported algorithms:

  • Kex

  • Ciphers

  • MACs

Syntax

add ssh-<encryption-category> algorithm <algorithm>

Parameters

Parameter

Description

kex

  • curve25519-sha256

  • curve25519-sha256@libssh.org

  • ecdh-sha2-nistp521

  • ecdh-sha2-nistp384

  • ecdh-sha2-nistp256

  • diffie-hellman-group14-sha256

  • diffie-hellman-group14-sha1

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • diffie-hellman-group-exchange-sha256

cipher

  • aes128-ctr

  • aes256-ctr

  • aes128-cbc

  • aes256-cbc

  • aes192-ctr

hmac

  • hmac-sha1

  • hmac-sha2-256

  • hmac-sha2-512

Example Command

add ssh-kex algorithm diffie-hellman-group 18-sha512

add ssh-mac algorithm hmac-sha2-512