SSH algorithms
List of supported key exchange, encryption, host key and MAC algorithms
Buru SFTP Server currently supports the SSH algorithms listed below.
You can fine-tune the order of preference of the algorithms, or enable or disable them altogether, in the configuration file.
Key exchange algorithms
__MODERN (secure)
curve25519-sha256 | 256 bits | Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash
curve25519-sha256@libssh.org | 256 bits | Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash
ecdh-sha2-nistp521 | 521 bits | Elliptic Curve Diffie-Hellman with NIST P-521 curve and SHA-512 hash
ecdh-sha2-nistp384 | 384 bits | Elliptic Curve Diffie-Hellman with NIST P-384 curve and SHA-384 hash
ecdh-sha2-nistp256 | 256 bits | Elliptic Curve Diffie-Hellman with NIST P-256 curve and SHA-256 hash
ecdh-sha2-1.3.132.0.10 | 256 bits | [2.11.0+] Elliptic Curve Diffie-Hellman with secp256k1 curve and SHA-256 hash. Supported on Windows 10+ and Windows Server 2016+.
diffie-hellman-group16-sha512 | 4096 bits | Diffie-Hellman with Oakley Group 16 and SHA-512 hash
diffie-hellman-group15-sha512 | 3072 bits | Diffie-Hellman with Oakley Group 15 and SHA-512 hash
diffie-hellman-group-exchange-sha256 | Negotiated | Diffie-Hellman with group exchange and SHA-256 hash

__ALL (insecure, not recommended)
all of the above, plus:
diffie-hellman-group1-sha1 | 1024 bits | Diffie-Hellman with Oakley Group 2 and SHA-1 hash
Host key algorithms
__MODERN (secure)
ssh-ed25519 | Ed25519, an Edwards-curve Digital Signature Algorithm (EdDSA)
ecdsa-sha2-nistp521 | Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-521 curve with SHA-512 hash
ecdsa-sha2-nistp384 | Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-384 curve with SHA-384 hash
ecdsa-sha2-nistp256 | Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-256 curve with SHA-256 hash
ecdsa-sha2-1.3.132.0.10 | [2.11.0+] Elliptic Curve Digital Signature Algorithm (ECDSA) on secp256k1 curve with SHA-256 hash. Supported on Windows 10+ and Windows Server 2016+.
rsa-sha2-512 | RSA with SHA-512 hash
ssh-rsa-sha256@ssh.com | RSA with SHA-256 hash
rsa-sha2-256 | RSA with SHA-256 hash
x509v3-ecdsa-sha2-nistp521 | [2.10.0+] X.509 certificate with ECDSA on NIST P-521 curve and SHA-2 hash
x509v3-ecdsa-sha2-nistp384 | [2.10.0+] X.509 certificate with ECDSA on NIST P-384 curve and SHA-2 hash
x509v3-ecdsa-sha2-nistp256 | [2.10.0+] X.509 certificate with ECDSA on NIST P-256 curve and SHA-2 hash
x509v3-rsa2048-sha256 | [2.10.0+] X.509 certificate with 2048+ bit RSA and SHA-256 hash
x509v3-sign-rsa-sha256@ssh.com | [2.10.0+] X.509 certificate with RSA and SHA-256 hash

__ALL (insecure, not recommended)
all of the above
Encryption algorithms
__MODERN (secure)
aes256-gcm@openssh.com | AES in GCM mode with 256-bit key
aes128-gcm@openssh.com | AES in GCM mode with 128-bit key
aes256-ctr | AES in CTR mode with 256-bit key
aes192-ctr | AES in CTR mode with 192-bit key
aes128-ctr | AES in CTR mode with 128-bit key
chacha20-poly1305@openssh.com | ChaCha20/Poly1305 AEAD cipher with 256-bit key
twofish256-ctr | Twofish in CTR mode with 256-bit key
twofish192-ctr | Twofish in CTR mode with 192-bit key
twofish128-ctr | Twofish in CTR mode with 128-bit key

__ALL (insecure, not recommended)
all of the above, plus:
arcfour256 | ArcFour (RC4) stream cipher (with discard step) with 256-bit key
arcfour128 | ArcFour (RC4) stream cipher (with discard step) with 128-bit key
arcfour | ArcFour (RC4) stream cipher with 128-bit key
blowfish-ctr | Twofish in CTR mode with 256-bit key
blowfish-cbc | Blowfish in CBC mode with 128-bit key
MAC algorithms
__MODERN (secure)
hmac-sha2-512-etm@openssh.com | SHA-512 (ETM mode)
hmac-sha2-256-etm@openssh.com | SHA-256 (ETM mode)
hmac-sha2-512 | SHA-512
hmac-sha2-256 | SHA-256

__ALL (insecure, not recommended)
all of the above, plus:
hmac-md5 | MD5
hmac-md5-96 | MD5 (trimmed to 96 bits)
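
To confirm what a server really offers after a configuration change, the SSH_MSG_KEXINIT payload it sends right after the version exchange can be parsed and compared with the names that the lists above place only under __ALL. The following is an added example, not part of the Buru SFTP Server documentation or code; the function names are hypothetical and the sample payload is constructed, with the packet framing (length and padding bytes) assumed to be already stripped.

```python
import struct

# Names the tables above list only under __ALL, i.e. not part of __MODERN.
LEGACY_ONLY = {
    "kex": {"diffie-hellman-group1-sha1"},
    "cipher": {"arcfour256", "arcfour128", "arcfour", "blowfish-ctr", "blowfish-cbc"},
    "mac": {"hmac-md5", "hmac-md5-96"},
}
# First six name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = [("kex", "kex"), ("host_key", None), ("cipher_c2s", "cipher"),
          ("cipher_s2c", "cipher"), ("mac_c2s", "mac"), ("mac_s2c", "mac")]

def parse_kexinit(payload):
    """Return {field: [names]} for the first six name-lists of a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}                            # skip type byte + 16-byte cookie
    for field, _ in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def legacy_offered(payload):
    """Return {field: [names]} for offered algorithms that are legacy-only."""
    lists = parse_kexinit(payload)
    hits = {f: [a for a in lists[f] if a in LEGACY_ONLY.get(kind, ())]
            for f, kind in FIELDS}
    return {f: names for f, names in hits.items() if names}

def build_sample(name_lists):
    """Build a constructed KEXINIT payload: zero cookie, ten name-lists, trailer."""
    body = b"\x14" + bytes(16)
    for names in name_lists:
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + bytes(4)               # first_kex_packet_follows, reserved

# Constructed sample, not captured from a real server.
SAMPLE = build_sample([
    ["curve25519-sha256", "diffie-hellman-group1-sha1"], ["ssh-ed25519"],
    ["aes256-gcm@openssh.com", "arcfour"], ["aes256-gcm@openssh.com", "arcfour"],
    ["hmac-sha2-256", "hmac-md5"], ["hmac-sha2-256"], ["none"], ["none"], [], [],
])

if __name__ == "__main__":
    print(legacy_offered(SAMPLE))
```

An empty result means none of the legacy-only key exchange, cipher or MAC names were offered in either direction.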