Hi, dear friend.
1. The security hardening default command is used to perform security hardening on insecure default configurations. To change the insecure default configurations to secure configurations in batches, and to improve the system security, run this command.
Modes: Global config mode
Level: Administrator level
Usage Guidelines:
After this command is executed successfully, the system automatically executes the following commands to perform security hardening on insecure default configurations.
sysman service telnet disable: Disables the telnet service port.
snmp-agent sys-info version v3: Sets the system to support only the SNMPv3 protocol.
ssh server cipher: Configures the encryption algorithms supported by the SSH server to aes256_ctr, aes256_gcm, aes128_ctr, and aes128_gcm, aes192_ctr.
ssh server hmac: Configures the HMAC algorithm of the SSH server to sha2_512, sha2_256 and sha1.
ssh client cipher: Configures the encryption algorithms supported by the SSH server to aes256_ctr, aes256_gcm, aes128_ctr, and aes128_gcm, aes192_ctr.
ssh client hmac: Configures the HMAC algorithm of the SSH server to sha2_512, sha2_256 and sha1.
ssh server key-exchange: Configures the key exchange algorithm of the SSH server to dh_group14_sha1, dh_group_exchange_sha1, dh_group_exchange_sha256.
ssh client key-exchange: Configures the key exchange algorithm of the SSH client to dh_group14_sha1, dh_group_exchange_sha1, dh_group_exchange_sha256.
ssh server dh-exchange min-len: Configures the supported minimum key length during the Diffie-hellman-group-exchange key exchange between the SSH server and client to 2048 bits.
Note: After the telnet network service port is disabled, the user on the port will be forced to go offline.
2. Changing the default SSH port is not supported on this device.
Thanks.
