SSH - Cipher, Key, MAC

OpenBSD
Page content

SSH Stuff

Supported Ciphers, Key, MAC on OpenBSD 7.1. Not all of them are good for useage, here is my recommendation.

for your sshd_config / ssh_config

Ciphers                aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes128-cbc

HostKeyAlgorithms      ssh-ed25519,[email protected],[email protected],
                       [email protected],rsa-sha2-512,rsa-sha2-256

Kexalgorithms          [email protected],diffie-hellman-group16-sha512,
                       diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

MACs                   [email protected],[email protected]

PubKeyAcceptedKeyTypes ssh-ed25519,[email protected],[email protected],
                       [email protected],[email protected],
                       [email protected],[email protected],rsa-sha2-512,rsa-sha2-25

List of all available Types

Cipher

ssh -Q cipher

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
[email protected]

HostbasedAcceptedAlgorithms

ssh -Q HostbasedAcceptedAlgorithms

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

HostKeyAlgorithms

ssh -Q HostKeyAlgorithms

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

KexAlgorithms

ssh -Q KexAlgorithms

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]
[email protected]
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]
[email protected]

MAC

Message Authentication Code

ssh -Q mac

hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

PubkeyAcceptedAlgorithms

ssh -Q PubkeyAcceptedAlgorithms

ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Any Comments ?

sha256: 3e0cdf2cad4b896a10c9561443e27c256d954cf8ae01a15076f320b7d77b4d4c