Index  |  Top  -  Up Data ONTAP 8.3

security ssh modify

Modify SSH configuration options

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command replaces the existing configurations of the SSH key exchange algorithms or ciphers for the cluster or a Vserver with the configuration settings you specify. If you modify the cluster configuration settings, it will be used as the default for all newly created Vservers. Data ONTAP supports the diffie-hellman-group-exchange-sha256 key exchange algorithm for SHA-2. Data ONTAP also supports the diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, and 3des-cbc.

Parameters

-vserver <vserver name> - Vserver

Identifies the Vserver for which you want to replace the existing SSH key exchange algorithm and cipher configurations.

[-key-exchange-algorithms <algorithm name>, ...] - Key Exchange Algorithms

Enables the specified SSH key exchange algorithm or algorithms for the Vserver. This parameter also replaces all existing SSH key exchange algorithms with the specified settings.

[-ciphers <cipher name>, ...] - Ciphers

Enables the specified cipher or ciphers for the Vserver. This parameter also replaces all existing ciphers with the specified settings.

Examples

The following command enables the diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha1 key exchange algorithms for the cluster1 Vserver. It also enables the aes256-ctr, aes192-ctr and aes128-ctr ciphers for the cluster1 Vserver.
cluster1::> security ssh modify -vserver cluster1 -key-exchange-algorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 -ciphers aes256-ctr,aes192-ctr,aes128-ctr

Index  |  Top  -  Up Data ONTAP 8.3

Copyright © 1994-2015 NetApp, Inc. Legal Information