key-exchange

Syntax

Hierarchy Level

Description

Specify the set of Diffie-Hellman key exchange methods that the SSH server can use.

Options

Specify one or more of the following Diffie-Hellman key exchange methods:

• curve25519-sha256—The EC Diffie-Hellman key exchange method on Curve25519 with SHA2-256.

• dh-group1-sha1—The Diffie-Hellman group1 algorithm using SHA-1.

• dh-group14-sha1—The Diffie-Hellman group14 algorithm using SHA-1.

• dh-group16-sha512—(Default) The Diffie-Hellman group16 algorithm using SHA512.

• dh-group18-sha512—(Default) The Diffie-Hellman group18 algorithm using SHA512.

• ecdh-sha2-nistp256—The ECDH key exchange method with ephemeral keys generated on the nistp256 curve.

• ecdh-sha2-nistp384—The ECDH key exchange method with ephemeral keys generated on the nistp384 curve.

• ecdh-sha2-nistp521—The ECDH key exchange method with ephemeral keys generated on the nistp521 curve.

• group-exchange-sha1—The group exchange algorithm using SHA-1.

• group-exchange-sha2—The group exchange algorithm using SHA-2.

• sntrup761x25519-sha512—The combination of Streamlined NTRU Prime 761 and X25519 hybrid key exchange using SHA512 as the Shor-resistant algorithm for protection against quantum attacks.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.2. Support for the curve25519-sha256 option added in Junos OS Release 12.1X47-D10.

dh-group16-sha, dh-group18-sha512, and 512sntrup761x25519-sha512 options added in Junos OS Evolved Release 25.4R1.