delete ssh-<encryption-category> algorithm <algorithm>

In the R81.10.X releases, this command is available starting from the R81.10.05 version.

Description

Starting in R81.10.x, OpenSSH is used for the SSH server (sshd) instead of Dropbear. OpenSSH enables you to configure which encryption algorithms to use for each stage of the connection, using a config file. Delete algorithms from a predefined list.

These are the encryption categories, each with multiple supported algorithms:

  • Kex

  • Ciphers

  • MACs

Syntax

delete ssh-<encryption-category> algorithm <algorithm>

Parameters

Parameter

Description

kex

  • curve25519-sha256

  • curve25519-sha256@libssh.org

  • ecdh-sha2-nistp521

  • ecdh-sha2-nistp384

  • ecdh-sha2-nistp256

  • diffie-hellman-group14-sha256

  • diffie-hellman-group14-sha1

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • diffie-hellman-group-exchange-sha256

cipher

  • aes128-ctr

  • aes256-ctr

  • aes128-cbc

  • aes256-cbc

  • aes192-ctr

hmac

  • hmac-sha1

  • hmac-sha2-256

  • hmac-sha2-512

Example Command

delete ssh-cipher algorithm aes128-cbc