SSH Algorithm Management¶
SSH algorithms on the VOSS-4-UC platform can be viewed, enabled, disabled or reset to the default list.
The available commands are:
system ssh algorithm default - Reset enabled and disabled algorithms to their default.
system ssh algorithm list < all | algorithm-type > - Display all or any of <cipher|mac|kex|key> SSH algorithms. The list will also show
enabledanddisabledalgorithm types.system ssh algorithm disable <algorithm-type> <algorithm-name> - Disable algorithms of a specific type <cipher|mac|kex|key>, by specifying a space separated list of algorithm names.
Note that not all algorithms can be disabled.
For example, to disable two of the
cipheralgorithms, the command would be:system ssh algorithm disable cipher aes128-ctr aes192-ctr
system ssh algorithm enable <algorithm-type> <algorithm-name> - Enable algorithms of a specific type <cipher|mac|kex|key>, by specifying a space separated list of algorithm names.
Command example to view status of all algorithms types:
platform@VOSS:~$ system ssh algorithm list all
cipher:
enabled:
aes128-ctr
aes192-ctr
aes256-ctr
kex:
enabled:
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
curve25519-sha256@libssh.org
key:
enabled:
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
mac:
enabled:
hmac-sha1
hmac-sha2-256
hmac-sha2-512
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-128-etm@openssh.com
