ssh key-exchange-algorithms

Syntax

ssh key-exchange-algorithms <KEY-EXCHANGE-ALGORITHMS-LIST>

no ssh key-exchange-algorithms 

Description

Configures SSH to use a set of key exchange algorithm types in the specified priority order. The first key exchange algorithm entered in the CLI has the highest priority. Key exchange algorithms are used to securely establish a shared session key with a peer. Each option represents an algorithm that distributes a shared key in a way that prevents outside interference, manipulation, or recovery. Only the key exchange algorithms specified by the user are configured.

The no form of this command removes the configuration of key exchange algorithms and reverts SSH to use the default set of algorithms.

Command context

config

Parameters

<KEY-EXCHANGE-ALGORITHMS-LIST>

Valid key exchange algorithms are:

  • curve25519-sha256

  • curve25519-sha256@libssh.org

  • diffie-hellman-group-exchange-sha1

  • diffie-hellman-group-exchange-sha256

  • diffie-hellman-group14-sha1

  • diffie-hellman-group14-sha256

  • diffie-hellman-group16-sha512

  • diffie-hellman-group18-sha512

  • ecdh-sha2-nistp256

  • ecdh-sha2-nistp384

  • ecdh-sha2-nistp521

Default set of key exchange algorithms in priority order:

  1. curve25519-sha256

  2. curve25519-sha256@libssh.org

  3. ecdh-sha2-nistp256

  4. ecdh-sha2-nistp384

  5. ecdh-sha2-nistp521

  6. diffie-hellman-group-exchange-sha256

  7. diffie-hellman-group16-sha512

  8. diffie-hellman-group18-sha512

  9. diffie-hellman-group14-sha256

  10. diffie-hellman-group-exchange-sha1

Authority

Administrators or local user group members with execution rights for this command.

Examples

Configuring SSH to use a set of specified key exchange algorithms:

switch(config)# ssh key-exchange-algorithms ecdh-sha2-nistp256 curve25519-sha256 diffie-hellman-group-exchange-sha256

Reverting SSH to use the default set of key exchange algorithms:

switch(config)# no ssh key-exchange-algorithms
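
Checking which key exchange a given client ends up with (an added example, not part of the product documentation): when the switch is the SSH server, RFC 4253 section 7.1 selects the first algorithm on the client's list that the server also supports, so an algorithm placed last in the switch's priority order can still be negotiated unless it is left out of the list. The function names, the one-line config format and the sample client offer are assumptions made for this example.

```python
# Added example. Algorithm names come from this page; the config text and
# client offers passed to these functions are constructed sample input.
VALID_KEX = (
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1", "diffie-hellman-group14-sha256",
    "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
)
DEFAULT_KEX = (  # default priority order listed on this page
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
    "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
    "diffie-hellman-group-exchange-sha1",
)
PREFIX = "ssh key-exchange-algorithms "

def effective_kex(config_text):
    """KEX list in force for a saved config (assumed: command on one line)."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            names = line[len(PREFIX):].split()
            unknown = [n for n in names if n not in VALID_KEX]
            if unknown:
                raise ValueError(f"not a valid key exchange algorithm: {unknown}")
            return names
    return list(DEFAULT_KEX)  # command absent: default set applies

def negotiate(client_offer, server_list):
    """RFC 4253 7.1, simplified (host key capability checks are ignored):
    the first name on the client's list that the server also lists."""
    return next((n for n in client_offer if n in server_list), None)

def sha1_still_offered(server_list):
    """Names in the list whose exchange hash is SHA-1."""
    return [n for n in server_list if n.endswith("-sha1")]

if __name__ == "__main__":
    # Constructed client that prefers a SHA-1 exchange.
    legacy_client = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha256"]
    page_example = ("ssh key-exchange-algorithms ecdh-sha2-nistp256 "
                    "curve25519-sha256 diffie-hellman-group-exchange-sha256")
    for label, cfg in (("default", "hostname sw1"), ("page example", page_example)):
        kex = effective_kex(cfg)
        print(label, "->", negotiate(legacy_client, kex), sha1_still_offered(kex))
```

With the default set the constructed client negotiates diffie-hellman-group-exchange-sha1 even though it is tenth in the switch's order; with the list from the example above there is no common algorithm and the connection fails.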