This post is older than a year. Consider some information might not be accurate anymore.
I have to prepare some file transfers within the company. The administrator was talking about mandatory cipher suites aes128-cbc
and aes256-cbc
. Basically I rely on OpenSSH and don’t dig so deep into the details, but never hurts to check if my running systems comply with above requirements.
OpenSSH offers in the man page following option:
-Q cipher | cipher-auth | mac | kex | key
Queries ssh for the algorithms supported for the specified version 2. The available features are: cipher (supported sym‐
metric ciphers), cipher-auth (supported symmetric ciphers that support authenticated encryption), mac (supported message
integrity codes), kex (key exchange algorithms), key (key types).
Supported cipher suites, requirements fulfilled :-).
vinh@omega:~> ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
Supported message integrity codes
vinh@omega:~> ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
Supported key exchange algorithms
vinh@omega:~> ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group1-sha1
curve25519-sha256@libssh.org
gss-gex-sha1-
gss-group1-sha1-
gss-group14-sha1-
Supported key types
vinh@omega:~> ssh -Q key
ssh-rsa
ssh-dss
ssh-ed25519
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ssh-dss-cert-v00@openssh.com
ssh-ed25519-cert-v01@openssh.com
null