Documentation Home
Connectors and APIs Manual
Download this Manual

4.4.2.1 SSH Ciphers in Connector/NET

This section includes the approved, deprecated, and invalid sets of SSH ciphers maintained by Connector/NET. The inclusion of ciphers and algorithms in the various lists can change over time.

Approved SSH Ciphers

Approved SSH ciphers and algorithms by category include:

  • Encryptions

    • aes128-ctr

    • aes192-ctr

    • aes256-ctr

  • Host Key Algorithms

    • ecdsa-sha2-nistp256

    • ecdsa-sha2-nistp384

    • ecdsa-sha2-nistp521

    • ssh-ed25519

  • Key Exchange Algorithms

    • diffie-hellman-group-exchange-sha256

  • Keyed Hash Message Authentication Codes

    • hmac-sha2-256

    • hmac-sha2-256-96

    • hmac-sha2-512

    • hmac-sha2-512-96

Deprecated SSH Ciphers

Deprecated SSH ciphers and algorithms are available for legacy and interoperability purposes only. These items are subject to gradual phaseout (see Invalid SSH Ciphers).

The current set of deprecated ciphers and algorithms by category are:

  • Encryptions

    • aes128-cbc

    • aes192-cbc

    • aes256-cbc

  • Host Key Algorithms

    • ssh-rsa

  • Key Exchange Algorithms

    • diffie-hellman-group14-sha1

  • Keyed Hash Message Authentication Codes

    • hmac-sha1

Invalid SSH Ciphers

The following SSH ciphers and algorithms (by category) are no longer permitted:

  • Encryptions

    • 3des-cbc

    • arcfour

    • arcfour128

    • arcfour256

    • blowfish-cbc

    • cast128-cbc

    • twofish-cbc

    • twofish192-cbc

    • twofish128-cbc

    • twofish256-cbc

  • Host Key Algorithms

    • ssh-dss

  • Key Exchange Algorithms

    • diffie-hellman-group-exchange-sha1

    • diffie-hellman-group1-sha1

  • Keyed Hash Message Authentication Codes

    • hmac-md5

    • hmac-md5-96

    • hmac-ripemd160

    • hmac-ripemd160@openssh.com

    • hmac-sha1-96