ssh2 algorithm cipher

Use ssh2 algorithm cipher to specify encryption algorithms for SSH2.

Use undo ssh2 algorithm cipher to restore the default.


In non-FIPS mode:

ssh2 algorithm cipher { 3des-cbc |aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm | des-cbc } *

undo ssh2 algorithm cipher

In FIPS mode:

ssh2 algorithm cipher { aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm } *

undo ssh2 algorithm cipher


SSH2 uses encryption algorithms AES128-CTR, AES192-CTR, AES256-CTR, AES128-GCM, AES256-GCM, AES128-CBC, 3DES-CBC, AES256-CBC, and DES-CBC in descending order of priority for algorithm negotiation.


System view

Predefined user roles




3des-cbc: Specifies encryption algorithm 3DES-CBC.

aes128-cbc: Specifies encryption algorithm AES128-CBC.

aes128-ctr: Specifies encryption algorithm AES128-CTR.

aes128-gcm: Specifies encryption algorithm AES128-GCM.

aes192-ctr: Specifies encryption algorithm AES192-CTR.

aes256-cbc: Specifies encryption algorithm AES256-CBC.

aes256-ctr: Specifies encryption algorithm AES256-CTR.

aes256-gcm: Specifies encryption algorithm AES256-GCM.

des-cbc: Specifies encryption algorithm DES-CBC.

Usage guidelines

If you specify the encryption algorithms, SSH2 uses only the specified algorithms for algorithm negotiation. The algorithm specified earlier has a higher priority during negotiation.


# Specify algorithm aes256-cbc as the encryption algorithm for SSH2.

<Sysname> system-view
[Sysname] ssh2 algorithm cipher aes256-cbc

Related commands

display ssh2 algorithm

ssh2 algorithm key-exchange

ssh2 algorithm mac

ssh2 algorithm public-key