
key-exchange

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 11.2. Support for the curve25519-sha256 option added in Junos OS Release 12.1X47-D10.

Description

Specify the set of Diffie-Hellman key exchange methods that the SSH server can use.

Options

Specify one or more of the following Diffie-Hellman key exchange methods:

  • curve25519-sha256—The EC Diffie-Hellman key exchange method on Curve25519 with SHA2-256.

  • dh-group1-sha1—The Diffie-Hellman group1 algorithm using SHA-1.

  • dh-group14-sha1—The Diffie-Hellman group14 algorithm using SHA-1.

  • ecdh-sha2-nistp256—The ECDH key exchange method with ephemeral keys generated on the nistp256 curve.

  • ecdh-sha2-nistp384—The ECDH key exchange method with ephemeral keys generated on the nistp384 curve.

  • ecdh-sha2-nistp521—The ECDH key exchange method with ephemeral keys generated on the nistp521 curve.

  • group-exchange-sha1—The group exchange algorithm using SHA-1.

  • group-exchange-sha2—The group exchange algorithm using SHA-2.

Note

The key-exchange statement represents a set. To configure key-exchange:

Note

Table 1 shows which Diffie-Hellman key exchange methods are supported in FIPS mode.

Table 1: Support for Diffie-Hellman key exchange methods in FIPS mode

Diffie-Hellman key exchange methods    Supported in FIPS mode
-----------------------------------    ----------------------
curve25519-sha256                      No
dh-group1-sha1                         No
dh-group14-sha1                        Yes
ecdh-sha2-nistp256                     Yes
ecdh-sha2-nistp384                     Yes
ecdh-sha2-nistp521                     Yes
group-exchange-sha1                    No
group-exchange-sha2                    No
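The following audit script is an added example, not part of the original Juniper documentation. It collects the key-exchange set from configuration text in "set" format and classifies each method against Table 1. The statement path system services ssh key-exchange, the bracketed list form, and the sample configuration are assumptions that do not appear on this page.

```python
import re

# Table 1 from this page: method -> supported in FIPS mode.
FIPS_SUPPORT = {
    "curve25519-sha256": False, "dh-group1-sha1": False,
    "dh-group14-sha1": True, "ecdh-sha2-nistp256": True,
    "ecdh-sha2-nistp384": True, "ecdh-sha2-nistp521": True,
    "group-exchange-sha1": False, "group-exchange-sha2": False,
}

# Assumed statement path in "set" format output; not shown on this page.
SET_LINE = re.compile(r"^\s*set\s+system\s+services\s+ssh\s+key-exchange\s+(.+?)\s*$")

def configured_methods(config_text):
    """Return the key-exchange set in first-seen order, without duplicates."""
    methods = []
    for line in config_text.splitlines():
        m = SET_LINE.match(line)
        if not m:
            continue  # unrelated statement
        # Accept one method per line or a bracketed list: [ a b c ]
        for name in m.group(1).strip("[]").split():
            if name not in methods:
                methods.append(name)
    return methods

def audit(config_text):
    """Classify each configured method against Table 1."""
    report = {"fips_ok": [], "not_fips": [], "unknown": []}
    for name in configured_methods(config_text):
        if name not in FIPS_SUPPORT:
            report["unknown"].append(name)  # typo or method not listed here
        elif FIPS_SUPPORT[name]:
            report["fips_ok"].append(name)
        else:
            report["not_fips"].append(name)
    return report

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set system services ssh root-login deny
set system services ssh key-exchange curve25519-sha256
set system services ssh key-exchange [ ecdh-sha2-nistp256 dh-group1-sha1 ]
set system services ssh key-exchange ecdh-sha2-nistp256
set system services ssh key-exchange example-unknown-kex
"""

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

A non-empty not_fips or unknown list identifies entries to remove or correct before the device is placed in FIPS mode.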

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.