security ssh remove
Remove SSH configuration options
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The `security ssh remove` command removes the specified SSH key exchange algorithms or ciphers from the existing configuration of the cluster or a Vserver. The removed algorithms or ciphers are disabled on the cluster or Vserver. If you change the cluster configuration settings, the new settings are used as the default for all newly created Vservers. If the SSH key exchange algorithms or ciphers that you specify with this command are not currently enabled, the command does not fail.
ONTAP supports the `diffie-hellman-group-exchange-sha256`, `diffie-hellman-group16-sha512` and `diffie-hellman-group18-sha512` key exchange algorithms for SHA-2. ONTAP also supports the `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group14-sha1`, and `diffie-hellman-group1-sha1` SSH key exchange algorithms for SHA-1. The SHA-2 key exchange algorithms are more secure than the SHA-1 key exchange algorithms. ONTAP also supports `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, and `curve25519-sha256`.
ONTAP also supports the AES and 3DES symmetric encryption (also known as ciphers) of the following types: `aes256-ctr`, `aes192-ctr`, `aes128-ctr`, `aes256-cbc`, `aes192-cbc`, `aes128-cbc`, `aes128-gcm`, `aes256-gcm` and `3des-cbc`.
ONTAP supports MAC algorithms of the following types: `hmac-sha1`, `hmac-sha1-96`, `hmac-md5`, `hmac-md5-96`, `umac-64`, `umac-128`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-sha1-etm`, `hmac-sha1-96-etm`, `hmac-sha2-256-etm`, `hmac-sha2-512-etm`, `hmac-md5-etm`, `hmac-md5-96-etm`, `umac-64-etm`, and `umac-128-etm`.
Parameters
`-vserver <Vserver Name>` - Vserver
Identifies the Vserver from which you want to remove the SSH key exchange algorithms or ciphers.
`[-key-exchange-algorithms <algorithm name>,…]` - List of SSH Key Exchange Algorithms to Remove
Removes the specified key exchange algorithm or algorithms from the Vserver.
`[-ciphers <cipher name>,…]` - List of SSH Ciphers to Remove
Removes the specified cipher or ciphers from the Vserver.
`[-mac-algorithms <MAC name>,…]` - List of SSH MAC Algorithms to Remove
Removes the specified MAC algorithm or algorithms from the Vserver.
`[-host-key-algorithms <HostKey Algorithms>,…]` - List of SSH Host Key Algorithms to Remove
Removes the specified host key algorithms from the Vserver.
Examples
The following command removes the `diffie-hellman-group1-sha1` and `diffie-hellman-group-exchange-sha1` key exchange algorithms from the cluster1 Vserver. It also removes the `aes128-cbc` and `3des-cbc` ciphers and the `hmac-sha1-96` and `hmac-sha2-256` MAC algorithms from the cluster1 Vserver.
cluster1::> security ssh remove -vserver cluster1 -key-exchange-algorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 -ciphers aes128-cbc,3des-cbc -mac-algorithms hmac-sha1-96,hmac-sha2-256
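
The following is an added example, not part of the NetApp documentation: a Python helper that builds a `security ssh remove` command line from the settings currently enabled on a Vserver. The names `build_remove_command`, `WEAK` and `SAMPLE` are hypothetical, and both the removal policy and the refusal to empty a category are assumptions of this example.

```python
# Added example: build a `security ssh remove` command from a hardening policy.
import re

# Assumed policy (not NetApp guidance): flag SHA-1 key exchange, CBC-mode
# ciphers (including 3DES), and MD5, SHA-1 or 64-bit-tag MAC algorithms.
WEAK = {
    "key-exchange-algorithms": re.compile(r"-sha1$"),
    "ciphers": re.compile(r"-cbc$"),
    "mac-algorithms": re.compile(r"^(hmac-md5|hmac-sha1|umac-64)"),
}

def build_remove_command(vserver, enabled):
    """Return the command removing every enabled name the policy flags, or None.

    `enabled` maps a parameter name (without the leading dash) to the list of
    names currently enabled on the Vserver.
    """
    args = []
    for param, pattern in WEAK.items():
        current = enabled.get(param, [])
        weak = [name for name in current if pattern.search(name)]
        if not weak:
            continue
        # Safety check (assumption of this example): never emit a command that
        # would disable every enabled entry in a category.
        if len(weak) == len(current):
            raise ValueError(f"removing {weak} would leave no {param} enabled")
        args.append(f"-{param} {','.join(weak)}")
    if not args:
        return None
    return f"security ssh remove -vserver {vserver} " + " ".join(args)

# Constructed sample of a Vserver's enabled settings (not output from a real system).
SAMPLE = {
    "key-exchange-algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha1",
                                "diffie-hellman-group1-sha1"],
    "ciphers": ["aes256-ctr", "aes128-gcm", "aes128-cbc", "3des-cbc"],
    "mac-algorithms": ["hmac-sha2-256-etm", "hmac-sha1", "hmac-md5-96-etm", "umac-64"],
}

if __name__ == "__main__":
    print(build_remove_command("cluster1", SAMPLE))
```

Only names that are currently enabled are included, which keeps the generated command minimal even though the command itself does not fail on names that are already disabled.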