AE-2349 : Enable SSH Configuration and Cipher Modification on AMP Device
Review Request #1492 — Created May 12, 2026 and submitted — Latest diff uploaded
| Information | |
|---|---|
| mmiriam | |
| AMP | |
| amp_3_7_2 | |
| AE-2349 | |
| Reviewers | |
| apoorva.sn, pmurugaiyan | |
AE-2349 : Enable SSH Configuration and Cipher Modification on AMP Device
AMP#/ca/bin/ssh -V
OpenSSH_10.1p1, OpenSSL 1.1.1d 10 Sep 2019AMP#vi /ca/etc/sshd_config
AMP#/ca/bin/sshd -f /ca/etc/sshd_config -T | grep -E "cipher|key|mac"
pubkeyauthentication yes
ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
macs umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
trustedusercakeys none
revokedkeys none
securitykeyprovider internal
authorizedkeyscommand none
authorizedkeyscommanduser none
hostkeyagent none
hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
hostkey /ca/etc/key/ssh_host_rsa_key
hostkey /ca/etc/key/ssh_host_ecdsa_key
hostkey /ca/etc/key/ssh_host_ed25519_key
rekeylimit 0 0
pubkeyauthoptions noneAMP#/ca/bin/sshd -f /ca/etc/sshd_config -T | grep -E "kex"
kexalgorithms curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521AMP#/ca/bin/ssh test@192.168.162.201
The authenticity of host '192.168.162.201 (192.168.162.201)' can't be established.
ED25519 key fingerprint is: SHA256:g9uqFXweaXGlOJi9wcj9jYufa6ci75oTwI6pjn+4M/g
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.162.201' (ED25519) to the list of known hosts.
WARNING: connection is not using a post-quantum key exchange algorithm.
This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
test@192.168.162.201's password:
Last login: Thu May 7 07:40:48 2026 from 192.168.162.147[test@AN ~]$ /ca/bin/ssh test@192.168.85.47
The authenticity of host '192.168.85.47 (192.168.85.47)' can't be established.
ED25519 key fingerprint is: SHA256:Lqqq19lNZHB6YX3aMpKXjmVAeDgAVmZpCro0XRS6mgc
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.85.47' (ED25519) to the list of known hosts.
WARNING: connection is not using a post-quantum key exchange algorithm.
This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
test@192.168.85.47's password:
Last login: Tue May 12 15:26:50 2026 from 192.168.162.147