Contents

1   Description

This instruction describes how to configure a system-wide Secure Shell (SSH) algorithm setting.

2   Procedure

2.1   Configure SSH Algorithms

Prerequisites

• No documents are required.
• No tools are required.
• The following conditions must apply:
  • The user has the System Security Administrator role.
  • The list of wanted set of algorithms is known.
  • The user has basic knowledge of cryptography.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to Ssh Managed Object (MO), for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,Ssh=1

2. Enter Config mode:

   (Ssh=1)>configure

3. Is it required to change selectedCiphers?

   Yes: Continue with next step.

   No: Proceed with Step 5.

   Note:  

   The strongest SSH ciphers are selected by default.

   
   
4. Set attribute selectedCiphers to configure ciphers, for example:

   (config-Ssh=1)>selectedCiphers=[aes256-ctr,aes192-ctr,aes128-ctr]

   The string list must follow the constraints stated in datatype SshAlgorithm under Ssh.

5. Is it required to change selectedKeyExchanges?

   Yes: Continue with next step.

   No: Proceed with Step 7.

   Note:  

   The strongest key exchanges are selected by default.

   
   
6. Set attribute selectedKeyExchanges to configure key exchanges, for example:

   (config-Ssh=1)>selectedKeyExchanges=[diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]

   The string list must follow the constraints stated in datatype SshAlgorithm under Ssh.

7. Is it required to change selectedMacs?

   Yes: Continue with next step.

   No: Proceed with Step 9.

   Note:  

   The strongest message authentication codes are selected by default.

   
   
8. Set attribute selectedMacs to configure message authentication codes, for example:

   (config-Ssh=1)>selectedMacs=[hmac-ripemd160@openssh.com,hmac-ripemd160,hmac-sha1-96]

   The string list must follow the constraints stated in datatype SshAlgorithm under Ssh.

9. Commit the settings:

   (config-Ssh=1)>commit

10. Verify the settings:

    (Ssh=1)>show -v

    The following is an example output:

    selectedCiphers "aes256-ctr" "aes192-ctr" "aes128-ctr" selectedKeyExchanges "diffie-hellman-group-exchange-sha1" "diffie-hellman-group14-sha1" selectedMacs "hmac-ripemd160@openssh.com" "hmac-ripemd160" "hmac-sha1-96" [...]