Support Center > Search Results > SecureKnowledge Details
Supported SSH Traffic Ciphers Technical Level
Solution

Important:

  • The same ciphers supported in R80.40 are also supported in R81.
  • Starting R81.10, this SK solution is no longer relevant. There is a new Clish command to enable and disable ciphers: "set ssh server cipher" and "show ssh server cipher"
R80.30 has the same ciphers as R80.20:

aes128-cbc ,  aes192-cbc , aes256-cbc , rijndael-cbc@lysator.liu.se
aes128-ctr , aes192-ctr , aes256-ctr

In R80.40, openSSL and openSSH were upgraded. R80.40 supports the following:

[Expert@ice-openipmi-main-take-1:0]# ssh -Q cipher
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

[Expert@ice-openipmi-main-take-1:0]# ssh -Q mac
hmac-sha1
hmac-sha2-256
hmac-sha2-512
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

[Expert@ice-openipmi-main-take-1:0]# ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

[Expert@ice-openipmi-main-take-1:0]# ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment