Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Authentication and Access Control

  • SSH enhancements for algorithm configuration (ACX7100-32C, ACX7100-48L, ACX7024, ACX7024X, ACX7332, ACX7348, ACX7509, PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016, and PTX12008)—We've made the following updates to SSH algorithms:

    • The CLI command set system services ssh ca-signature-algorithms should be used to configure the signature algorithms that are allowed for certificate authorities (CAs) to use when signing certificates.

    • Under the system services ssh hostkey-algorithm-list hierarchy level, new options are introduced:

      • set system service ssh hostkey-algorithm-list rsa-sha2-256

      • set system service ssh hostkey-algorithm-list rsa-sha2-512

      These options enable RSA hostkey signatures using the SHA-256 hash algorithm and SHA-512 hash algorithm.

    • RSA signatures using the SHA-1 hash algorithm have been disabled by default. Consequently, the CLI command set system services ssh hostkey-algorithm-list rsa has been deprecated.

    • SSH connections that require a subsystem (for example, netconf) need to explicitly use the -s option.

    [See hostkey-algorithm-list.]