The SSH key-exchange specifies the algorithms used for generating one-time session keys for encryption and authentication with the SSH server.
Refer to the online help on the device for the complete list of supported key exchange algorithms.
For backward compatibility, the string "dh-group-14" is also acceptable in place of "diffie-hellman-group-14-sha1".
- Enter global configuration mode.
device# configure terminal
- Use the ssh server key-exchange command to set the key exchange algorithm for the server.
You can use multiple key exchange algorithms by separating the string names with commas.
device(config)# ssh server key-exchange diffie-hellman-group14-sha1,ecdh-sha2-nistp521
- Use the ssh client key-exchange command to set the key exchange algorithm for the client.
You can use multiple key exchange algorithms by separating the string names with commas.
device(config)# ssh client key-exchange diffie-hellman-group14-sha1,ecdh-sha2-nistp521
The complete list of ssh server and ssh client key exchange algorithms supported in FIPS mode is as follows:
- ecdh-sha2-nistp256
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group14-sha1
The complete list of ssh server and ssh client key exchange algorithms supported in CC mode is as follows:
- ecdh-sha2-nistp256
- diffie-hellman-group14-sha1
- Restart the SSH server from EXEC mode using the ssh-server restart command for the new configuration to take effect.
device(config)# exit
device# ssh-server restart