Description

This command replaces the existing configurations of the SSH key exchange algorithms or ciphers for the cluster or a Vserver with the configuration settings you specify. If you modify the cluster configuration settings, it will be used as the default for all newly created Vservers. Data ONTAP supports the diffie-hellman-group-exchange-sha256 key exchange algorithm for SHA-2. Data ONTAP also supports the diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, and 3des-cbc.

Examples

The following command enables the diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha1 key exchange algorithms for the cluster1 Vserver. It also enables the aes256-ctr, aes192-ctr and aes128-ctr ciphers for the cluster1 Vserver.

cluster1::> security ssh modify -vserver cluster1 -key-exchange-algorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 -ciphers aes256-ctr,aes192-ctr,aes128-ctr