Strong Ciphers for SSHD

SSMC 3.7 and later releases provide a new switch for SSHD to use Commercial National Security Algorithm (CNSA) crypto algorithms. When you enable the switch, the crypto algorithms are available for the SSH server process.

Ciphers aes256-ctr,aes256-gcm@openssh.com

MACs hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp521

Enable or disable Strong Ciphers for SSHD

To enable strong ciphers for SSHD, execute the following command:

sudo /ssmc/bin/config_security.sh -o cnsa_mode_appliance -a enable -f

To disable strong ciphers for SSHD, execute the following command:

sudo /ssmc/bin/config_security.sh -o cnsa_mode_appliance -a disable -f