sysconf ssh ciphers set

Sets the SSH ciphers for the appliance.

If -list is provided alone, the SSH ciphers list in the command becomes the new list, replacing any that were previously configured.

If the -add option is provided, then the -add list is appended to the currently configured SSH ciphers list.
If the -remove option is provided, then the -remove list is removed from the currently configured ciphers.

Removing all ciphers is not possible; one must remain configured.

The client-side priority preference takes precedence during SSH cipher negotiation.

User Privileges

Users with the following privileges can perform this command:

- Admin
- Operator

Syntax

sysconf ssh ciphers set -list <cipher list> [-add | -remove] [-force]

| Argument(s) | Shortcut | Description |
|---|---|---|
| -add | -a | Add to the Configured SSH Ciphers List |
| -list <cipher list> | -l | Colon Separated List of Ciphers. When used with -add, this is the list of ciphers that will be appended below any currently-configured ciphers; when used with -remove, this is the list of ciphers that will be removed from the currently-configured ciphers; when used with no option, this is the list of ciphers that will replace all currently-configured ciphers. |
| -remove | -r | Remove from the Configured SSH Ciphers List |
| -force | -f | Force the action. |

Example setting a list of ciphers

lunash:>sysconf ssh ciphers set -list aes192-ctr:aes256-ctr:aes128-ctr

This operation will set the SSH cipher(s) to use the following cipher(s):

Configured Ciphers 
------------------
aes192-ctr
aes256-ctr
aes128-ctr

This operation will restart the SSH service.
Type 'proceed' to set SSH cipher(s) and restart the SSH service, or 'quit'
    to quit now. > proceed

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]

Command Result : 0 (Success) 

Example adding ciphers to an existing list

lunash:>sysconf ssh ciphers set -list aes128-cbc:aes256-cbc -add

This operation will set the SSH cipher(s) to use the following cipher(s):

Configured Ciphers 
------------------
aes192-ctr
aes256-ctr
aes128-ctr
aes128-cbc
aes256-cbc

This operation will restart the SSH service.
Type 'proceed' to set SSH cipher(s) and restart the SSH service, or 'quit'
    to quit now. > proceed

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]

Command Result : 0 (Success)

Example removing ciphers from an existing list

lunash:>sysconf ssh ciphers set -list aes192-ctr:aes128-ctr:aes128-cbc -remove

This operation will set the SSH cipher(s) to use the following cipher(s):

Configured Ciphers 
------------------
aes256-ctr
aes256-cbc

This operation will restart the SSH service.
Type 'proceed' to set SSH cipher(s) and restart the SSH service, or 'quit'
    to quit now. > proceed

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]

Command Result : 0 (Success) 

Examples of incorrect usage

Attempting to set or add improper ciphers

lunash:>sysconf ssh ciphers set -list invalid-cipherA:deprecated-cipherB:made-up-cipherC

Error: The following SSH cipher(s) are invalid:
invalid-cipherA
deprecated-cipherB
made-up-cipherC

Command Result : 65535 (Luna Shell execution)
lunash:>

Attempting to remove ciphers that are not already among those configured

lunash:>sysconf ssh ciphers set -list aes192-ctr:arcfour -remove

Error: Cannot remove the following SSH cipher(s), as they are not currently configured:
aes192-ctr
arcfour

Command Result : 65535 (Luna Shell execution)

Attempting to remove all ciphers, leaving none configured

lunash:>sysconf ssh ciphers set -list aes256-ctr:aes256-cbc -remove

Error: Cannot remove all currently configured SSH ciphers.

Command Result : 65535 (Luna Shell execution)
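
The following is an added example, not part of the original documentation or the appliance software. It parses a "Configured Ciphers" block like the ones shown above, picks out ciphers that an assumed hardening policy treats as weak (CBC-mode and arcfour; this policy and the function names are assumptions), and builds the matching -remove command, refusing when the removal would leave no cipher configured.

```python
import re

# Assumed hardening policy (not from the page): CBC-mode ciphers and
# arcfour variants are treated as weak; everything else is kept.
WEAK = re.compile(r"-cbc(@|$)|^arcfour")

# Constructed sample, modelled on the command output shown on this page.
SAMPLE = """Configured Ciphers
------------------
aes192-ctr
aes256-ctr
aes128-ctr
aes128-cbc
aes256-cbc

This operation will restart the SSH service.
"""

def parse_configured(output):
    """Extract cipher names from the 'Configured Ciphers' block of lunash output."""
    ciphers, in_block = [], False
    for line in output.splitlines():
        text = line.strip()
        if text.startswith("Configured Ciphers"):
            in_block = True
        elif in_block and set(text) == {"-"}:
            continue  # dashed underline below the header
        elif in_block and text:
            ciphers.append(text)
        elif in_block and ciphers:
            break  # first blank line after the list ends the block
    return ciphers

def plan_removal(configured):
    """Return the lunash command that drops weak ciphers, or None if none are present."""
    weak = [c for c in configured if WEAK.search(c)]
    if not weak:
        return None
    if len(weak) == len(configured):
        # The appliance rejects a -remove that would leave no cipher configured.
        raise ValueError("all configured ciphers are weak; replace the list with -list alone")
    return "sysconf ssh ciphers set -list " + ":".join(weak) + " -remove"

if __name__ == "__main__":
    print(plan_removal(parse_configured(SAMPLE)))
```
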