ssh2 ipv6 suite-b
Use ssh2 ipv6 suite-b to establish a connection to an IPv6 Stelnet server based on Suite B algorithms.
Syntax
ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ] suite-b [ 128-bit | 192-bit ] pki-domain domain-name [ server-pki-domain domain-name ] [ prefer-compress zlib ] [ dscp dscp-value | escape character | source { interface interface-type interface-number | ipv6 ipv6-address } ] *
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
server: Specifies a server by its IPv6 address or host name, a case-insensitive string of 1 to 253 characters.
port-number: Specifies the port number of the server, in the range 1 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the server belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters.
-i interface-type interface-number: Specifies an output interface by its type and number for IPv6 SSH packets. Specify this option when the server uses a link-local address to provide the Stelnet service for the client. The specified output interface on the Stelnet client must have a link-local address.
suite-b: Specifies the Suite B algorithms. If neither the 128-bit keyword nor the 192-bit keyword is specified, all algorithms in Suite B are used. For more information about the Suite B algorithms, see Table 63.
128-bit: Specifies the 128-bit Suite B security level.
192-bit: Specifies the 192-bit Suite B security level.
pki-domain domain-name: Specifies the PKI domain of the client's certificate. The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31 characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:), dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate. The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31 characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:), dots (.), angle brackets (< >), quotation marks ("), and apostrophes ('). If you do not specify the server's PKI domain, the client uses the PKI domain of its own certificate to verify the server's certificate.
prefer-compress: Specifies the preferred compression algorithm for data compression between the server and the client. By default, compression is not supported.
zlib: Specifies compression algorithm zlib.
dscp dscp-value: Specifies the DSCP value in the IPv6 SSH packets. The value range for the dscp-value argument is 0 to 63, and the default value is 48. The DSCP value determines the transmission priority of the packet.
escape character: Specifies a case-sensitive escape character. By default, the escape character is a tilde (~).
source: Specifies a source IP address or source interface for IPv6 SSH packets. By default, the device automatically selects a source address for IPv6 SSH packets in compliance with RFC 3484. As a best practice to ensure successful Stelnet connections, specify a loopback interface as the source interface or specify the IPv6 address of the interface as the source IPv6 address.
interface interface-type interface-number: Specifies a source interface by its type and number. The IPv6 address of this interface is the source IP address of the IPv6 SSH packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
Table 63: Suite B algorithms
Security level | Key exchange algorithm | Encryption algorithm and HMAC algorithm | Public key algorithm |
---|---|---|---|
128-bit | ecdh-sha2-nistp256 | AES128-GCM | x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 |
192-bit | ecdh-sha2-nistp384 | AES256-GCM | x509v3-ecdsa-sha2-nistp384 |
Both | ecdh-sha2-nistp256 ecdh-sha2-nistp384 | AES128-GCM AES256-GCM | x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 |
The combination of an escape character and a dot (.) works as an escape sequence. This escape sequence is typically used to quickly terminate an SSH connection when the server reboots or malfunctions.
For the escape sequence to take effect, you must enter it at the very beginning of a line. If you have entered other characters or performed operations in a line, enter the escape sequence in the next line. As a best practice, use the default escape character (~). Do not use any character in SSH usernames as the escape character.
Examples
# Use the 192-bit Suite B algorithms to establish a connection to Stelnet server 2000::1. Specify the client's PKI domain and the server's PKI domain as clientpkidomain and serverpkidomain, respectively.
<Sysname> ssh2 ipv6 2000::1 suite-b 192-bit pki-domain clientpkidomain server-pki-domain serverpkidomain
Username:
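When this command is generated by automation rather than typed, the ranges and character rules documented under Parameters can be checked before the line is sent to the device. The following Python code is an added example, not vendor code: the function name build_ssh2_ipv6_suite_b and its parameter names are hypothetical, and rejecting whitespace in values is an assumption made here so that a value cannot split into extra CLI tokens.

```python
# Characters the page lists as invalid in a PKI domain name.
_PKI_INVALID = set('~*\\|:.<>"\'')
# Values accepted after the suite-b keyword (None means all Suite B algorithms).
_LEVELS = {None, "128-bit", "192-bit"}


def _pki_domain(name, label):
    """Check a PKI domain name against the documented length and character rules."""
    if not 1 <= len(name) <= 31:
        raise ValueError(f"{label}: length must be 1 to 31 characters")
    bad = sorted(set(name) & _PKI_INVALID)
    if bad or any(c.isspace() for c in name):  # whitespace check is an assumption
        raise ValueError(f"{label}: invalid characters {bad or 'whitespace'}")
    return name


def build_ssh2_ipv6_suite_b(server, client_pki, server_pki=None, level=None,
                            port=None, dscp=None, escape=None, compress=False):
    """Return the command string; raise ValueError on a value outside the documented range."""
    if not 1 <= len(server) <= 253 or any(c.isspace() for c in server):
        raise ValueError("server: 1 to 253 characters, no whitespace")
    if level not in _LEVELS:
        raise ValueError("level: must be None, '128-bit' or '192-bit'")
    parts = ["ssh2", "ipv6", server]
    if port is not None:
        if not 1 <= port <= 65535:
            raise ValueError("port-number: must be 1 to 65535")
        parts.append(str(port))
    parts.append("suite-b")
    if level:
        parts.append(level)
    parts += ["pki-domain", _pki_domain(client_pki, "pki-domain")]
    if server_pki is not None:  # if omitted, the client's own PKI domain verifies the server
        parts += ["server-pki-domain", _pki_domain(server_pki, "server-pki-domain")]
    if compress:
        parts += ["prefer-compress", "zlib"]
    if dscp is not None:
        if not 0 <= dscp <= 63:
            raise ValueError("dscp: must be 0 to 63")
        parts += ["dscp", str(dscp)]
    if escape is not None:
        if len(escape) != 1 or escape.isspace():
            raise ValueError("escape: must be a single character")
        parts += ["escape", escape]
    return " ".join(parts)
```

Calling it with the values from the example above returns the same command line shown there; a PKI domain name such as client.domain is rejected because of the dot.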