- ONTAP 9
Yes, if ciphers are not being used by the storage controller nor the client they can be removed.
Data ONTAP supports the following SSH security configurations:
The following SSH key exchange algorithms are supported and enabled by default:
Data ONTAP, which serves as an SSH server, automatically selects the most secure SSH key exchange algorithm that matches the client.
- The diffie-hellman-group-exchange-sha256 SSH key exchange algorithm for SHA-2
- The diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1
- For ciphers, the following counter (CTR) mode and cipher block chaining (CBC) mode of the AES and 3DES symmetric encryptions and enabled by default:
The CTR mode ciphers are more secure than the CBC mode ciphers. Among ciphers of the same mode, the higher the key size, the more secure the cipher.
For more information please see Managing SSH security configurations