.. _SSHopenssl ciphers_algorithm_management:

SSH Algorithm Management
------------------------

.. index:: system;system ssh algorithm

.. _18.1-Patch-Bundle-3|EKB-671:

SSH algorithms on the VOSS-4-UC platform can be viewed, enabled,
disabled or reset to the default list.

The available commands are:

* **system ssh algorithm default** - Reset enabled and disabled algorithms to their default.
* **system ssh algorithm list < all | algorithm-type >** - Display *all* or any of *<cipher|mac|kex|key>* SSH algorithms. The
  list will also show ``enabled`` and ``disabled`` algorithm types.
* **system ssh algorithm disable <algorithm-type> <algorithm-name>** - Disable algorithms of a specific type *<cipher|mac|kex|key>*,
  by specifying a space separated list of algorithm names.

  Note that not all algorithms can be disabled.

  For example, to disable two of the ``cipher`` algorithms, the command would be:

  **system ssh algorithm disable cipher aes128-ctr aes192-ctr**
* **system ssh algorithm enable <algorithm-type> <algorithm-name>** - Enable algorithms of a specific type *<cipher|mac|kex|key>*,
  by specifying a space separated list of algorithm names. 


Command example to view status of *all* algorithms types:

::

   platform@VOSS:~$ system ssh algorithm list all
       cipher: 
           enabled: 
               aes128-ctr
               aes192-ctr
               aes256-ctr
       kex: 
           enabled: 
               diffie-hellman-group1-sha1
               diffie-hellman-group14-sha1
               diffie-hellman-group-exchange-sha1
               diffie-hellman-group-exchange-sha256
               curve25519-sha256@libssh.org
       key: 
           enabled: 
               ssh-ed25519
               ssh-ed25519-cert-v01@openssh.com
               ssh-rsa
               ssh-dss
               ecdsa-sha2-nistp256
               ecdsa-sha2-nistp384
               ecdsa-sha2-nistp521
               ssh-rsa-cert-v01@openssh.com
               ssh-dss-cert-v01@openssh.com
               ecdsa-sha2-nistp256-cert-v01@openssh.com
               ecdsa-sha2-nistp384-cert-v01@openssh.com
               ecdsa-sha2-nistp521-cert-v01@openssh.com
       mac: 
           enabled: 
               hmac-sha1
               hmac-sha2-256
               hmac-sha2-512
               hmac-ripemd160
               hmac-ripemd160@openssh.com
               umac-128@openssh.com
               hmac-sha1-etm@openssh.com
               hmac-sha2-256-etm@openssh.com
               hmac-sha2-512-etm@openssh.com
               hmac-ripemd160-etm@openssh.com
               umac-128-etm@openssh.com