Supported SSH Algorithms
KEX Algorithms
Default algorithms:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- diffie-hellman-group14-sha1
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
Supported legacy algorithms:
- diffie-hellman-group1-sha1
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group-exchange-sha256
You can enable the supported legacy KEX algorithms per target FQDN pattern, CIDR or IP address by editing ssh-algorithms.toml.
Hostkey Algorithms
- ecdsa-sha2-nistp256
- [email protected]
- ecdsa-sha2-nistp384
- [email protected]
- ecdsa-sha2-nistp521
- [email protected]
- ssh-ed25519
- [email protected]
- ssh-dsa
- [email protected]
- ssh-rsa
- [email protected]
Ciphers
Default algorithms:
- aes128-ctr
- [email protected]
- aes192-ctr
- aes256-ctr
- [email protected]
Supported legacy algorithms:
- arcfour256
- arcfour128
- arcfour
- aes128-cbc
- 3des-cbc
You can enable the supported legacy cipher algorithms per target FQDN pattern, CIDR or IP address by editing ssh-algorithms.toml.
MACs
- hmac-sha1
- hmac-sha1-96
- hmac-sha2-256
- [email protected]
SFTP protocols
Default version:
- 6
Supported versions:
- 3
- 4
- 5
- 6
You can set the SFTP version per PrivX Extender, target FQDN pattern, CIDR or IP address by editing ssh-algorithms.toml.
Note
If your target host uses an older algorithm not included in the list above and it is not possible to add an algorithm override configuration, a native SSH client via PrivX SSH Agent can be used.
Note
The supported legacy algorithms are not enabled by default because they can no longer be considered safe to use. Consider first upgrading your target host to support the default algorithms. Only enable legacy algorithms if upgrading the target host is not an option.