Description

This command adds additional SSH key exchange algorithms or ciphers to the existing configurations of the cluster or a Vserver. The added algorithms or ciphers are enabled on the cluster or Vserver. If you changed the cluster configuration settings, it will be used as the default for all newly created Vservers. Existing SSH key exchange algorithms and ciphers remain unchanged in the configuration. If the SSH key exchange algorithms or ciphers are already enabled in the current configuration, the command will not fail. Data ONTAP supports the diffie-hellman-group-exchange-sha256 key exchange algorithm for SHA-2. Data ONTAP also supports the diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, and 3des-cbc.

Examples

The following command adds the diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 key exchange algorithms for the cluster1 Vserver. It also adds the aes256-cbc and aes192-cbc ciphers to the cluster1 Vserver.

cluster1::> security ssh add -vserver cluster1 -key-exchange-algorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1 -ciphers aes256-cbc,aes192-cbc