security ssh add
Add SSH configuration options
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The `security ssh add` command adds additional SSH key exchange algorithms, ciphers, or MAC algorithms to the existing configuration of the cluster or a Vserver. The added algorithms, ciphers, or MAC algorithms are enabled on the cluster or Vserver. If you change the cluster configuration settings, they are used as the default for all newly created Vservers. The existing SSH key exchange algorithms, ciphers, and MAC algorithms remain unchanged in the configuration. If the SSH key exchange algorithms, ciphers, or MAC algorithms are already enabled in the current configuration, the command does not fail.
Data ONTAP supports the `diffie-hellman-group-exchange-sha256` key exchange algorithm for SHA-2. Data ONTAP also supports the `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group14-sha1`, and `diffie-hellman-group1-sha1` SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, and `curve25519-sha256`.
Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: `aes256-ctr`, `aes192-ctr`, `aes128-ctr`, `aes256-cbc`, `aes192-cbc`, `aes128-cbc`, `aes128-gcm`, `aes256-gcm`, and `3des-cbc`.
Data ONTAP supports MAC algorithms of the following types: `hmac-sha1`, `hmac-sha1-96`, `hmac-md5`, `hmac-md5-96`, `umac-64`, `umac-128`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-sha1-etm`, `hmac-sha1-96-etm`, `hmac-sha2-256-etm`, `hmac-sha2-512-etm`, `hmac-md5-etm`, `hmac-md5-96-etm`, `umac-64-etm`, and `umac-128-etm`.
Parameters
`-vserver <Vserver Name>` - Vserver
Identifies the Vserver to which you want to add additional SSH key exchange algorithms or ciphers.
`[-key-exchange-algorithms <algorithm name>,…]` - List of SSH Key Exchange Algorithms to Add
Adds the specified SSH key exchange algorithm or algorithms to the Vserver.
`[-ciphers <cipher name>,…]` - List of SSH Ciphers to Add
Adds the specified cipher or ciphers to the Vserver.
`[-mac-algorithms <MAC name>,…]` - List of SSH MAC Algorithms to Add
Adds the specified MAC algorithm or algorithms to the Vserver.
Examples
The following command adds the `diffie-hellman-group-exchange-sha256` and `diffie-hellman-group-exchange-sha1` key exchange algorithms for the cluster1 Vserver. It also adds the `aes256-cbc` and `aes192-cbc` ciphers and the `hmac-sha1` and `hmac-sha2-256` MAC algorithms to the cluster1 Vserver.
cluster1::> security ssh add -vserver cluster1 -key-exchange-algorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1 -ciphers aes256-cbc,aes192-cbc -mac-algorithms hmac-sha1,hmac-sha2-256
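
Because the command only ever enables more algorithms, a change-review step can check what a proposed `security ssh add` line would turn on. The following Python sketch is an added example, not part of the NetApp documentation; the `POLICY` table and the names `parse_add` and `review` are assumptions made for this illustration, and the policy reflects common SSH hardening baselines rather than NetApp guidance.

```python
import shlex

# Example policy (an assumption of this sketch, not NetApp guidance): substrings
# that common SSH hardening baselines reject, keyed by security ssh add option.
POLICY = {
    "-key-exchange-algorithms": [("-sha1", "SHA-1 key exchange")],
    "-ciphers": [("3des", "3DES, 64-bit block cipher"), ("-cbc", "CBC mode")],
    "-mac-algorithms": [("md5", "MD5-based MAC"), ("sha1", "SHA-1-based MAC"),
                        ("umac-64", "64-bit MAC tag")],
}

def parse_add(command):
    """Split a 'security ssh add' line into {option: [algorithm, ...]}."""
    tokens = shlex.split(command.split("::>", 1)[-1])  # drop any CLI prompt
    if tokens[:3] != ["security", "ssh", "add"]:
        raise ValueError("not a 'security ssh add' command")
    opts, i = {}, 3
    while i < len(tokens):
        if i + 1 >= len(tokens) or not tokens[i].startswith("-"):
            raise ValueError(f"malformed option near {tokens[i]!r}")
        opts[tokens[i]] = [v for v in tokens[i + 1].split(",") if v]
        i += 2
    return opts

def review(command):
    """Return (option, algorithm, reason) for each algorithm the policy rejects."""
    findings = []
    for opt, names in parse_add(command).items():
        for name in names:
            for pattern, reason in POLICY.get(opt, []):
                if pattern in name:
                    findings.append((opt, name, reason))
                    break  # one reason per algorithm is enough
    return findings

if __name__ == "__main__":
    # The command from the Examples section of this page.
    cmd = ("cluster1::> security ssh add -vserver cluster1 "
           "-key-exchange-algorithms diffie-hellman-group-exchange-sha256,"
           "diffie-hellman-group-exchange-sha1 -ciphers aes256-cbc,aes192-cbc "
           "-mac-algorithms hmac-sha1,hmac-sha2-256")
    for opt, name, reason in review(cmd):
        print(f"{opt}: {name}: {reason}")
```

Run against the example command above, the check reports the SHA-1 key exchange, both CBC ciphers, and `hmac-sha1`.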