key-exchange
Syntax
key-exchange [algorithm1 algorithm2...];
Hierarchy Level
[edit system services ssh]
Description
Specify the set of Diffie-Hellman key exchange methods that the SSH server can use.
Options
Specify one or more of the following Diffie-Hellman key exchange methods:
curve25519-sha256—The EC Diffie-Hellman key exchange method on Curve25519 with SHA2-256.dh-group1-sha1—The Diffie-Hellman group1 algorithm using SHA-1.dh-group14-sha1—The Diffie-Hellman group14 algorithm using SHA-1.ecdh-sha2-nistp256—The ECDH key exchange method with ephemeral keys generated on the nistp256 curve.ecdh-sha2-nistp384—The ECDH key exchange method with ephemeral keys generated on the nistp384 curve.ecdh-sha2-nistp521—The ECDH key exchange method with ephemeral keys generated on the nistp521 curve.group-exchange-sha1—The group exchange algorithm using SHA-1.group-exchange-sha2—The group exchange algorithm using SHA-2.
The key-exchange represents a set. To configure key-exchange:
user@host#set system services ssh key-exchange [ecdh-sha2-nistp256 group-exchange-sha1]
Table 1 shows the supportability of Diffie-Hellman key exchange methods on FIPS mode.
Diffie-Hellman key exchange methods |
Supported on FIPS mode |
|---|---|
|
No |
|
No |
|
Yes |
|
Yes |
|
Yes |
|
Yes |
|
No |
|
No |
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 11.2. Support for the curve25519-sha256 option added in Junos OS Release 12.1X47-D10.