The ` security ssh modify` command replaces the existing configurations of the SSH key exchange algorithms or ciphers or MAC algorithms for the cluster or a Vserver with the configuration settings you specify. If you modify the cluster configuration settings, it will be used as the default for all newly created Vservers. Data ONTAP supports the diffie-hellman-group-exchange-sha256 key exchange algorithm for SHA-2. Data ONTAP also supports the diffie-hellman-group-exchange-sha1 , diffie-hellman-group14-sha1 , and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithm is more secure than the SHA-1 key exchange algorithms. Data ONTAP also supports the AES and 3DES symmetric encryptions (also known as ciphers) of the following types: aes256-ctr , aes192-ctr , aes128-ctr , aes256-cbc , aes192-cbc , aes128-cbc , aes128-gcm , aes256-gcm , and 3des-cbc . Data ONTAP supports MAC algorithms of the following types: hmac-sha1 , hmac-sha1-96 , hmac-md5 , hmac-md5-96 , hmac-ripemd160 , umac-64 , umac-64 , umac-128 , hmac-sha2-256 , hmac-sha2-512 , hmac-sha1-etm , hmac-sha1-96-etm , hmac-sha2-256-etm , hmac-sha2-512-etm , hmac-md5-etm , hmac-md5-96-etm , hmac-ripemd160-etm , umac-64-etm , and umac-128-etm .

The following command enables the diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha1 key exchange algorithms for the cluster1 Vserver. It also enables the aes256-ctr , aes192-ctr and aes128-ctr ciphers, hmac-sha1 and hmac-sha2-256 MAC algorithms for the cluster1 Vserver. It also modifies the maximum authentication retry count to 3 for the cluster1 Vserver: