HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 195
diffie-hellman-group1-sha1
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 195 highlights
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1. Algorithm sha1 features stronger security but costs more time in calculation than md5. • md5: Specifies the HMAC algorithm hmac-md5. • md5-96: Specifies the HMAC algorithm hmac-md5-96. • sha1: Specifies the HMAC algorithm hmac-sha1. • sha1-96: Specifies the HMAC algorithm hmac-sha1-96. prefer-kex: Specifies the preferred key exchange algorithm. The default algorithm is dh-group-exchange in non-FIPS mode and is dh-group14 in FIPS mode. Algorithm dh-group14 features stronger security but costs more time in calculation than dh-group1. • dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1. • dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1. • dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1. prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128. prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1. publickey keyname: Specifies the host public key of the sever, which is used to authenticate the server. The keyname argument is a case-insensitive string of 1 to 64 characters. source: Specifies a source IP address or source interface to connect to the server. By default, the packet to send gets the primary IP address of its outbound interface from the routing table and uses it as the source IP address. To avoid the communication failure between the client and the server due to interface faults, use the specified loopback interface as the source interface, and either IP address of the two interfaces as the source IP address. interface interface-type interface-number: Specifies a source interface by its type and number. The primary IPv4 address of this interface is the source IP address to send packets. ip ip-address: Specifies a source IPv4 address. Usage guidelines When the server adopts publickey authentication to authenticate a client, the client must get the local private key for digital signature. Because publickey authentication uses RSA or DSA algorithm, you must specify a public key algorithm (by using the identity-key keyword) in order to get the correct data for the local private key. Examples # Connect an SFTP client to the IPv4 SFTP server 10.1.1.2 and specify the public key of the server as svkey. The SFTP client uses publickey authentication. Use the following algorithms: • Preferred key exchange algorithm: dh-group14. • Preferred server-to-client encryption algorithm: aes128. • Preferred client-to-server HMAC algorithm: sha1. • Preferred server-to-client HMAC algorithm: sha1-96. • Preferred compression algorithm between the server and client: zlib. sftp 10.1.1.2 prefer-kex dh-group14 prefer-stoc-cipher aes128 prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey 186