38
Enhancements
Release R.11.14 Enhancements
ProCurve(config)# no ip ssh cipher 3des-cbc
Figure 2. Example of Disabling a Specific Cipher
Configuring Key Lengths and DSA/RSA Support
This enhancement allows you to specify the type and length of the generated host key. The command
is:
You can also generate and use a DSA key as the host key. The size of the host key is platform-
dependent as different switches have different amounts of processing power. The size is represented
by the <num-bits> key word and has the values shown in Table 5. The default value is used if num-
bits is not specified.
Syntax: [no] ip ssh [cipher <cipher-type>]
Cipher types that can be used for connection by clients. Valid types are:
• aes128-cbc
• 3des-cbc
• aes192-cbc
• aes256-cbc
• rijndael-cbc@lysator.liu.se
• aes128-ctr
• aes192-ctr
• aes256-ctr
Default: All cipher types are available.
Use the no form of the command to disable a cipher type.
Syntax: crypto key generate ssh [dsa | rsa [bits <num-bits>]]
Specify the type and length of the host key that is generated.
Table 5. RSA/DSA Values for Various ProCurve Switches
Platform Maximum RSA Key Size (in bits) DSA Key Size (in bits)
5400/3500/6200/8200/2900 1024, 2048, 3072
Default: 2048
1024