Home > Storage > PowerScale (Isilon) > Product Documentation > Security and Compliance > Dell PowerScale OneFS: Security Considerations > SSH key exchange, ciphers, algorithms, and tags
This section applies only to OneFS 9.5.0.0 and later versions.
After the STIG security profile is applied or FIPS compliance mode is enabled, SSH must be configured to update the key exchange, ciphers, algorithms, and tags. After successfully applying the STIG security profile or enabling FIPS compliance, perform the following steps:
isi ssh settings modify --kex-algorithms 'diffie-hellman-group16-sha512,diffie-hellman-group16-sha512,ecdh-sha2-nistp384'
isi ssh settings modify --ciphers 'aes256-ctr,aes256-gcm@openssh.com'
isi ssh settings modify --host-key-algorithms 'ecdsa-sha2-nistp384'
isi_for_array 'yes | /usr/local/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -b 384 -N ""'
isi ssh settings modify --pubkey-accepted-key-types 'ssh-rsa'
isi ssh settings modify --macs 'hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com'