Cisco Cisco Packet Data Gateway (PDG)
ssh key-size
This new Global Configuration mode CLI command configures the key size for SSH key generation for all
contexts (RSA host key only).
contexts (RSA host key only).
configure
ssh key-size { 2048 | 3072 | 4096 | 5120 | 6144 | 7168 | 9216 }
default ssh key-size 2048
end
default ssh key-size 2048
end
Notes:
• 2048: 2048 bits (Default)
• 3072: 3072 bits
• 4096: 4096 bits
• 5120: 5210 bits
• 6144: 6144 bits
• 7168: 7168 bits
• 9216: 9216 bits
ciphers
This new Global Configuration mode CLI command configures the cipher priority list in sshd for SSH
symmetric encryption. It changes the cipher option in the sshd_config_x file for that context.
symmetric encryption. It changes the cipher option in the sshd_config_x file for that context.
configure
context context_name
server sshd
ciphers algorithm
end
end
Notes:
• ciphers sets the priority order of encryption algorithms used for SSH symmetric session encryption.
• algorithm is entered as a single string of comma-separated variables in priority order from those shown
below:
◦blowfish-cbc – symmetric-key block cipher, Cipher Block Chaining, CBC
◦3des-cbc – Triple Data Encryption Standard, CBC
◦aes128-cbc – Advanced Encryption Standard (AES), 128-bit key size, CBC
◦aes128-ctr – AES 128-bit key size, Counter-mode encryption (CTR)
◦aes192-ctr – AES 192-bit key size, CTR
◦aes256-ctr – AES 256-bit key size, CTR
◦aes128-gcm@openssh.com – AES 128-bit key size, Galois Counter Mode [GCM], OpenSSH
◦aes256-gcm@openssh.com – AES 256-bit key size, GCM, OpenSSH
Release Change Reference, StarOS Release 19
446
System Changes in Release 19
Conceal/Remove ssh server Configuration Options