Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
1
Replies

"ip ssh dh min size" VS "ip ssh server algorithm kex" commands usage

ktang1
Level 1
Level 1

‎02-22-2024 12:20 PM

Hi,

Are these two ip ssh commands related?

If I set "ip ssh dh min size 4096", does it mean kex below DH group 16 (i.e. diffie-hellman-group14-sha1 and diffie-hellman-group14-sha256) won't be allowed when I config "ip ssh server algorithm kex" for ssh connection?

AAA-SW(config)#ip ssh server algorithm kex ?

  curve25519-sha256              Curve 25519 key exchange algorithm

  curve25519-sha256@libssh.org   Curve 25519 key exchange algorithm old name

  diffie-hellman-group14-sha1    DH_GRP14_SHA1 diffie-hellman key exchange algorithm

  diffie-hellman-group14-sha256  DH_GRP14_SHA256 diffie-hellman key exchange algorithm

  diffie-hellman-group16-sha512  DH_GRP16_SHA512 diffie-hellman key exchange algorithm

  ecdh-sha2-nistp256             ECDH_SHA2_P256 ecdh key exchange algorithm

  ecdh-sha2-nistp384             ECDH_SHA2_P384 ecdh key exchange algorithm

  ecdh-sha2-nistp521             ECDH_SHA2_P521 ecdh key exchange algorithm

Thanks,

Ken

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎02-22-2024 12:28 PM

the higher you go it long to crypt - depends on device model and IOS code enable in wiseway.

sure 4096 DH 16 :

https://www.practicalnetworking.net/series/cryptography/diffie-hellman/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card