Loading...

Check supported algorithms in OpenSSH

I have to prepare some file transfers within the company. The administrator was talking about mandatory cipher suites aes128-cbc and aes256-cbc. Basically I rely on OpenSSH and don’t dig so deep into the details, but never hurts to check if my running systems comply with above requirements.

OpenSSH offers in the man page following option:

 -Q cipher | cipher-auth | mac | kex | key
             Queries ssh for the algorithms supported for the specified version 2.  The available features are: cipher (supported sym‐
             metric ciphers), cipher-auth (supported symmetric ciphers that support authenticated encryption), mac (supported message
             integrity codes), kex (key exchange algorithms), key (key types).

Supported cipher suites, requirements fulfilled :-).

vinh@omega:~> ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

Supported message integrity codes

vinh@omega:~> ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

Supported key exchange algorithms

vinh@omega:~> ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group1-sha1
curve25519-sha256@libssh.org
gss-gex-sha1-
gss-group1-sha1-
gss-group14-sha1-

Supported key types

vinh@omega:~> ssh -Q key
ssh-rsa
ssh-dss
ssh-ed25519
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ssh-dss-cert-v00@openssh.com
ssh-ed25519-cert-v01@openssh.com
null
ssh