ssh key-exchange-algorithms


ssh key-exchange-algorithms <KEY-EXCHANGE-ALGORITHMS-LIST>

no ssh key-exchange-algorithms 


Configures SSH to use a set of key exchange algorithm types in the specified priority order. The first key exchange type entered in the CLI is considered a first priority. Key exchange algorithms are used to exchange a shared session key with a peer securely. Each option represents an algorithm that is used to distribute a shared key in a way that prevents outside interference, manipulation, or recovery. Only the key exchange algorithms that are specified by the user are configured.

The no form of this command removes the configuration of key exchange algorithms and reverts SSH to use the default set of algorithms.

Command context




Valid key exchange algorithms are:

  • curve25519-sha256


  • diffie-hellman-group-exchange-sha1

  • diffie-hellman-group-exchange-sha256

  • diffie-hellman-group14-sha1

  • diffie-hellman-group14-sha256

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • ecdh-sha2-nistp256

  • ecdh-sha2-nistp384

  • ecdh-sha2-nistp521

Default set of key exchange algorithms in priority order:
  1. curve25519-sha256


  3. ecdh-sha2-nistp256

  4. ecdh-sha2-nistp384

  5. ecdh-sha2-nistp521

  6. diffie-hellman-group-exchange-sha256

  7. diffie-hellman-group16-sha512

  8. diffie-hellman-group18-sha512

  9. diffie-hellman-group14-sha256

  10. diffie-hellman-group-exchange-sha1


Administrators or local user group members with execution rights for this command.


Configuring SSH to use a set of specified key exchange algorithms:

switch(config)# ssh key-exchange-algorithms ecdh-sha2-nistp256 curve25519-sha256

Reverting SSH to use the default set of key-exchange-algorithms:

switch(config)# no key-exchange-algorithms