Managing Weak Algorithms from SSHD Configurations

connectorctl sshd hostkey

To configure and show the list of Host key algorithms, use the connectorctl sshd hostkey command. Host key algorithms are used to verify the server's identity to the client. The server uses its private key to authenticate itself, and the client uses the server's public key to verify this identity.

connectorctl sshd hostkey

Syntax Description

Keywords and Variables         Description
show                           Shows the list of all Host key algorithms.
remove -a                      Removes all the weak Host key algorithms.
remove -r <algorithm names>    Removes only the given comma-separated Host key algorithms.
reset                          Resets the Host key algorithm configuration.
-h                             Shows the detailed help message.

Command History

Release 3

This command was introduced.

Examples

The following example shows the list of all Host key algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd hostkey show
        Executing command:sshd
        Command execution status:Success
        -----------------------
        List of supported host Key algorithms is:
        hostkeyalgorithms *
      

Examples

The following example shows how to remove all weak Host key algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd hostkey remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported weak algorithms
        Successfully removed
        x509v3-ecdsa-sha2-nistp256,
        x509v3-ecdsa-sha2-nistp384,
        x509v3-ecdsa-sha2-nistp521,
        x509v3-ssh-rsa,
        x509v3-rsa2048-sha256,
        x509v3-sign-rsa,,,
        ssh-ed25519,,
        ecdsa-sha2-nistp256,
        ecdsa-sha2-nistp384,
        ecdsa-sha2-nistp521,
        ssh-rsa key exchange algorithm(s)

Examples

The following example shows how to remove only the given comma-separated Host key algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd hostkey remove -r x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully removed
        ,,
        x509v3-ecdsa-sha2-nistp521,
        x509v3-ssh-rsa,
        x509v3-rsa2048-sha256,
        x509v3-sign-rsa,
        x509v3-sign-dss,
        x509v3-ssh-dss,
        ssh-ed25519,
        ssh-dss,
        ecdsa-sha2-nistp256,
        ecdsa-sha2-nistp384,
        ecdsa-sha2-nistp521,
        ssh-rsa key exchange algorithm(s)
      

Examples

The following example shows how to reset the Host key algorithm configuration:

        [spacesadmin@admin ~]$ connectorctl sshd hostkey reset
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully reset key exchange algorithms configuration
        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd hostkey remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported weak algorithms
        Successfully removed 
        x509v3-ecdsa-sha2-nistp256,
        x509v3-ecdsa-sha2-nistp384,
        x509v3-ecdsa-sha2-nistp521,
        x509v3-ssh-rsa,
        x509v3-rsa2048-sha256,
        x509v3-sign-rsa,,,
        ssh-ed25519,,
        ecdsa-sha2-nistp256,
        ecdsa-sha2-nistp384,
        ecdsa-sha2-nistp521,
        ssh-rsa key exchange algorithm(s)
      

connectorctl sshd kex

To configure and show the list of Key exchange algorithms, use the connectorctl sshd kex command. Key exchange algorithms are used to securely exchange cryptographic keys between the client and the server over an insecure network. This process ensures that the communication remains private and secure.

connectorctl sshd kex

Syntax Description

Keywords and Variables         Description
show                           Shows the list of all Key exchange algorithms.
remove -a                      Removes all the weak Key exchange algorithms.
remove -r <algorithm names>    Removes only the given comma-separated Key exchange algorithms.
reset                          Resets the Key exchange algorithm configuration.
-h                             Shows the detailed help message.

Examples

The following example shows how to list all the Key exchange algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd kex show
        Executing command:sshd
        Command execution status:Success
        -----------------------
        List of supported Key Exchange algorithms is:
        kexalgorithms 
        ecdh-sha2-nistp256,
        ecdh-sha2-nistp384,
        ecdh-sha2-nistp521,
        diffie-hellman-group14-sha1,
        diffie-hellman-group14-sha256,
        diffie-hellman-group16-sha512

Examples

The following example shows how to remove all weak Key exchange algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd kex remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported weak algorithms
        Successfully removed -diffie-hellman-group-exchange-sha1,
        diffie-hellman-group1-sha1 key exchange algorithm(s)

Examples

The following example shows how to remove only the given comma-separated Key exchange algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd kex remove -r curve25519-sha256@libssh.org
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully removed -curve25519-sha256@libssh.org key exchange algorithm(s)

Examples

The following example shows how to reset the Key exchange algorithm configuration:

        [spacesadmin@admin ~]$ connectorctl sshd kex reset
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully reset Key Exchange algorithms configuration

connectorctl sshd cipher

To configure and show the list of cipher algorithms, use the connectorctl sshd cipher command. Cipher algorithms are used to encrypt data transmitted between the client and the server, ensuring confidentiality.

connectorctl sshd cipher

Syntax Description

Keywords and Variables         Description
show                           Shows the list of all cipher algorithms.
remove -a                      Removes all the weak cipher algorithms.
remove -r <algorithm names>    Removes only the given comma-separated cipher algorithms.
reset                          Resets the cipher algorithm configuration.
-h                             Shows the detailed help message.

Examples

The following example shows the list of all cipher algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd cipher show
        Executing command:sshd
        Command execution status:Success
        -----------------------
        List of supported Cipher algorithms is:
        ciphers 
        chacha20-poly1305@openssh.com,
        aes128-ctr,aes192-ctr,
        aes256-ctr,aes128-gcm@openssh.com,
        aes256-gcm@openssh.com
      

Examples

The following example shows how to remove all weak cipher algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd cipher remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported cipher algorithms
        Successfully removed -3des-cbc key exchange algorithm(s)
      

Examples

The following example shows how to remove only the given comma-separated cipher algorithms:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd cipher remove -r chacha20-poly1305@openssh.com
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully removed -chacha20-poly1305@openssh.com key exchange algorithm(s)
      

Examples

The following example shows how to reset the cipher algorithm:

        [spacesadmin@Connector3-June2024 ~]$ connectorctl sshd cipher reset
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully reset Cipher algorithms configuration
      

connectorctl sshd mac

To configure and show the list of Message Authentication Code (MAC) algorithms, use the connectorctl sshd mac command. MAC algorithms are used to ensure the integrity and authenticity of the transmitted data, protecting it against tampering.

connectorctl sshd mac

Syntax Description

Keywords and Variables         Description
show                           Shows the list of all MAC algorithms.
remove -a                      Removes all the weak MAC algorithms.
remove -r <algorithm names>    Removes only the given comma-separated MAC algorithms.
reset                          Resets the MAC algorithm configuration.
-h                             Shows the detailed help message.

Examples

The following example shows the list of all MAC algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd mac show
        Executing command:sshd
        Command execution status:Success
        -----------------------
        List of supported MAC algorithms is:
        macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

Examples

The following example shows how to remove all the weak MAC algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd mac remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported weak mac algorithms
        Successfully removed -umac-64-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,hmac-sha1 key exchange algorithm(s)
        
        Successfully removed weak MAC configuration

Examples

The following example shows how to remove only the given comma-separated MAC algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd mac remove -r hmac-sha1-etm@openssh.com
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully removed -hmac-sha1-etm@openssh.com key exchange algorithm(s)
        
        Successfully removed weak MAC configuration

Examples

The following example shows how to reset the MAC algorithm configuration:

        [spacesadmin@admin ~]$ connectorctl sshd mac reset
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully reset weak MAC configuration
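
A check to run after remove -a, as an added example that is not part of the original page or of the product's tooling: it parses show output in the format printed above and reports any enabled algorithm that the remove -a outputs on this page list as removed. The function names (weak_for, keyword_for, flag_weak) are assumptions of this example; the sample input is copied from the mac show and cipher show examples above.

```shell
#!/bin/sh
# Added example. Weak names are the ones the "remove -a" outputs on this page report.
weak_for() {
  case "$1" in
    kex)    echo "diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1" ;;
    cipher) echo "3des-cbc" ;;
    mac)    echo "umac-64-etm@openssh.com hmac-sha1-etm@openssh.com umac-64@openssh.com hmac-sha1" ;;
    *)      return 1 ;;
  esac
}

# Keyword that starts the algorithm list in "show" output.
keyword_for() {
  case "$1" in kex) echo kexalgorithms ;; cipher) echo ciphers ;; mac) echo macs ;; *) return 1 ;; esac
}

# flag_weak TYPE < show-output
# Prints each still-enabled weak algorithm; returns 0 if none, 1 if any, 2 on unknown TYPE.
flag_weak() {
  weak=$(weak_for "$1") || return 2
  kw=$(keyword_for "$1") || return 2
  awk -v kw="$kw" -v weak="$weak" '
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    !found && $1 == kw { found = 1; $1 = "" }   # list may start on the keyword line
    found {
      gsub(/,/, " ")                             # names are comma-separated and may wrap lines
      m = split($0, a, " ")
      for (i = 1; i <= m; i++) if (a[i] in bad) { print a[i]; hit = 1 }
    }
    END { exit (hit ? 1 : 0) }
  '
}

# Sample input copied from the "mac show" and "cipher show" examples on this page.
MAC_SHOW='Executing command:sshd
Command execution status:Success
-----------------------
List of supported MAC algorithms is:
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1'
CIPHER_SHOW='List of supported Cipher algorithms is:
ciphers
chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,
aes256-ctr,aes128-gcm@openssh.com,
aes256-gcm@openssh.com'

printf '%s\n' "$MAC_SHOW" | flag_weak mac || echo "weak MAC algorithm(s) still enabled"
```

On the Connector itself the input would be piped from the show command, for example connectorctl sshd mac show | flag_weak mac. Names are matched as whole tokens, so hmac-sha1 and hmac-sha1-etm@openssh.com are reported separately.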

connectorctl sshd pubkey

To configure and show the list of Public key algorithms, use the connectorctl sshd pubkey command. Public key algorithms are used for user authentication, allowing users to log in without a password by proving ownership of a private key.

connectorctl sshd pubkey

Syntax Description

Keywords and Variables         Description
show                           Shows the list of all Public key algorithms.
remove -a                      Removes all the weak Public key algorithms.
remove -r <algorithm names>    Removes only the given comma-separated Public key algorithms.
reset                          Resets the Public key algorithm configuration.
-h                             Shows the detailed help message.

Examples

The following example shows the list of all Public key algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd pubkey show
        Executing command:sshd
        Command execution status:Success
        -----------------------
        List of supported Public key algorithms is:
        pubkeyalgorithms *

Examples

The following example shows how to remove all the weak Public key algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd pubkey remove -a
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Removing all unsupported weak algorithms
        Successfully removed 
        x509v3-ecdsa-sha2-nistp256,
        x509v3-ecdsa-sha2-nistp384,
        x509v3-ecdsa-sha2-nistp521,
        x509v3-ssh-rsa,
        x509v3-rsa2048-sha256,
        x509v3-sign-rsa,,,
        ssh-ed25519,
        ssh-ed25519-cert-v01@openssh.com,,
        ecdsa-sha2-nistp256,
        ecdsa-sha2-nistp384,
        ecdsa-sha2-nistp521,
        ssh-rsa-cert-v01@openssh.com,
        rsa-sha2-256-cert-v01@openssh.com,
        rsa-sha2-512-cert-v01@openssh.com,
        -cert-v01@openssh.com,
        ecdsa-sha2-nistp256-cert-v01@openssh.com,
        ecdsa-sha2-nistp384-cert-v01@openssh.com,
        ecdsa-sha2-nistp521-cert-v01@openssh.com,
        ssh-rsa,
        rsa-sha2-256,
        rsa-sha2-512 key exchange algorithm(s)

Examples

The following example shows how to remove only the given comma-separated Public key algorithms:

        [spacesadmin@admin ~]$ connectorctl sshd pubkey remove -r x509v3-ecdsa-sha2-nistp256
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully removed ,
        x509v3-ecdsa-sha2-nistp384,
        x509v3-ecdsa-sha2-nistp521,
        x509v3-ssh-rsa,
        x509v3-rsa2048-sha256,
        x509v3-sign-rsa,
        x509v3-sign-dss,
        x509v3-ssh-dss,
        ssh-ed25519,
        ssh-ed25519-cert-v01@openssh.com,
        ssh-dss,
        ecdsa-sha2-nistp256,
        ecdsa-sha2-nistp384,
        ecdsa-sha2-nistp521,
        ssh-rsa-cert-v01@openssh.com,
        rsa-sha2-256-cert-v01@openssh.com,
        rsa-sha2-512-cert-v01@openssh.com,
        ssh-dss-cert-v01@openssh.com,
        ecdsa-sha2-nistp256-cert-v01@openssh.com,
        ecdsa-sha2-nistp384-cert-v01@openssh.com,
        ecdsa-sha2-nistp521-cert-v01@openssh.com,
        ssh-rsa,
        rsa-sha2-256,
        rsa-sha2-512 key exchange algorithm(s)

Examples

The following example shows how to reset the Public key algorithm configuration:

        [spacesadmin@admin ~]$ connectorctl sshd pubkey reset
        Executing command:sshd
        Command execution status:Success
        -----------------------
        Successfully reset key exchange algorithms configuration