Supported SSH Algorithms

KEX Algorithms

Default algorithms:

Supported legacy algorithms:

  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256

You can enable the supported legacy KEX algorithms per target fqdn pattern, CIDR or IP address by editing ssh-algorithms.toml.

Hostkey Algorithms

Ciphers

Default algorithms:

Supported legacy algorithms:

  • arcfour256
  • arcfour128
  • arcfour
  • aes128-cbc
  • 3des-cbc

You can enable the supported legacy cipher algorithms per target fqdn pattern, CIDR or IP address by editing ssh-algorithms.toml.

MACs

SFTP protocols

Default version:

  • 6

Supported versions:

  • 3
  • 4
  • 5
  • 6

You can set the SFTP version per PrivX Extender, target FQDN pattern, CIDR or IP address by editing ssh-algorithms.toml.

If your target host uses an older algorithm not included in the list above and it is not possible to add an algorithm override configuration, a native SSH client via PrivX SSH Agent can be used.

The supported legacy algorithms are not enabled by default because the algorithms can no longer be considered safe to use. Consider first upgrading your target host to support the default algorithms. Only enable legacy algorithms if target host upgrade is not an option.

Was this page helpful?