Supported Algorithms
SSH Config Tips
You can enable or disable algorithms using the Ciphers
, HostKeyAlgorithms
, KexAlgorithms
and MACs
keywords in your ssh_config file.
For example, to enable the ecdh-sha2-nistp521
key exchange algorithm, you can add the following line to your ssh_config
file :
Host *
KexAlgorithms +ecdh-sha2-nistp521
To disable aes128-ctr
cipher, you can add the following line to your ssh_config
file :
Host *
Ciphers -aes128-ctr
To set only ssh-rsa
and ssh-ed25519
host key algorithms, you can add the following line to your ssh_config
file :
Host *
HostKeyAlgorithms +ssh-rsa,+ssh-ed25519
^
character is not supported by WebSSH. Only +
and -
are supported to enable or disable algorithms without changing the default ones.
Ciphers
The supported ciphers are :
- [email protected]
- aes128-ctr
- aes256-ctr
- aes192-ctr
- aes128-cbc
- aes256-cbc
- aes192-cbc
- [email protected]
- [email protected]
- twofish256-cbc
- twofish128-cbc
- blowfish-cbc
The default enabled are :
- aes128-ctr
- aes256-ctr
- [email protected]
- [email protected]
HostKeyAlgorithms
The supported host key algorithms are :
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
- ssh-ed25519
- rsa-sha2-256
- rsa-sha2-512
- ssh-rsa
- ssh-dss
The default enabled are :
- ssh-ed25519
- rsa-sha2-256
- rsa-sha2-512
^
character is not supported by WebSSH. Only +
and -
are supported to enable or disable host key algorithms without changing the default ones.
KexAlgorithms
The supported key exchange algorithms are :
- curve25519-sha256
- [email protected]
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group14-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha1
The default enabled are :
- curve25519-sha256
- [email protected]
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
- diffie-hellman-group-exchange-sha256
^
character is not supported by WebSSH. Only +
and -
are supported to enable or disable key exchange algorithms without changing the default ones.
MACs
The supported MACs are :
- hmac-sha2-256
- hmac-sha2-512
- [email protected]
- [email protected]
- [email protected]
- hmac-sha1
- hmac-ripemd160
- hmac-sha1-96
- hmac-md5
The default enabled are :