Index  |  Top  -  Up Data ONTAP 8.3

security ssh add

Add SSH configuration options

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.


This command adds additional SSH key exchange algorithms or ciphers to the existing configurations of the cluster or a Vserver. The added algorithms or ciphers are enabled on the cluster or Vserver. If you changed the cluster configuration settings, it will be used as the default for all newly created Vservers. Existing SSH key exchange algorithms and ciphers remain unchanged in the configuration. If the SSH key exchange algorithms or ciphers are already enabled in the current configuration, the command will not fail. Data ONTAP supports the diffie-hellman-group-exchange-sha256 key exchange algorithm for SHA-2. Data ONTAP also supports the diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, and 3des-cbc.


-vserver <vserver name> - Vserver

Identifies the Vserver to which you want to add additional SSH key exchange algorithms or ciphers.

[-key-exchange-algorithms <algorithm name>, ...] - List of SSH Key Exchange Algorithms to Add

Adds the specified SSH key exchange algorithm or algorithms to the Vserver.

[-ciphers <cipher name>, ...] - List of SSH Ciphers to Add

Adds the specified cipher or ciphers to the Vserver.


The following command adds the diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 key exchange algorithms for the cluster1 Vserver. It also adds the aes256-cbc and aes192-cbc ciphers to the cluster1 Vserver.
cluster1::> security ssh add -vserver cluster1 -key-exchange-algorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1 -ciphers aes256-cbc,aes192-cbc

Index  |  Top  -  Up Data ONTAP 8.3

Copyright © 1994-2015 NetApp, Inc. Legal Information