SSH algorithms

List of supported key exchange, encryption, host key and mac algorithms

Buru SFTP Server currently supports SSH algorithms listed below. You can fine-tune the order of preference of algorithms or enable / disable altogether in the configuration file.

Key exchange algorithms

__MODERN (secure)
curve25519-sha256	256 bits	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash
curve25519-sha256@libssh.org	256 bits	Elliptic Curve Diffie-Hellman on Curve25519 with SHA-256 hash
ecdh-sha2-nistp521	521 bits	Elliptic Curve Diffie Hellman with NIST P-521 curve and SHA-512 hash
ecdh-sha2-nistp384	384 bits	Elliptic Curve Diffie Hellman with NIST P-384 curve and SHA-384 hash
ecdh-sha2-nistp256	256 bits	Elliptic Curve Diffie Hellman with NIST P-256 curve and SHA-256 hash
ecdh-sha2-1.3.132.0.10	256 bits	2.11.0+Elliptic Curve Diffie Hellman with secp256k1 curve and SHA-256 hash. Supported on Windows 10+ and Windows Server 2016+.
diffie-hellman-group16-sha512	4096 bits	Diffie Hellman with Oakley Group 16 and SHA-512 hash
diffie-hellman-group15-sha512	3072 bits	Diffie Hellman with Oakley Group 15 and SHA-512 hash
diffie-hellman-group-exchange-sha256	Negotiated	Diffie Hellman with group exchange and SHA-256 hash

__INTERMEDIATE (best compatibility)	all of the above, plus:
diffie-hellman-group14-sha256	2048 bits	Diffie Hellman with Oakley Group 14 and SHA-256 hash
diffie-hellman-group14-sha1	2048 bits	Diffie Hellman with Oakley Group 14 and SHA-1 hash
diffie-hellman-group-exchange-sha1	Negotiated	Diffie Hellman with group exchange and SHA-1 hash

__ALL (unsecure, not recommended)	all of the above, plus:
diffie-hellman-group1-sha1	1024 bits	Diffie Hellman with Oakley Group 2 and SHA-1 hash

Host key algorithms

__MODERN (secure)
ssh-ed25519	Ed25519, an Edwards-curve Digital Signature Algorithm (EdDSA)
ecdsa-sha2-nistp521	Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-521 curve with SHA-512 hash
ecdsa-sha2-nistp384	Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-384 curve with SHA-384 hash
ecdsa-sha2-nistp256	Elliptic Curve Digital Signature Algorithm (ECDSA) on NIST P-256 curve with SHA-256 hash
ecdsa-sha2-1.3.132.0.10	2.11.0+Elliptic Curve Digital Signature Algorithm (ECDSA) on secp256k1 curve with SHA-256 hash. Supported on Windows 10+ and Windows Server 2016+.
rsa-sha2-512	RSA with SHA-512 hash
ssh-rsa-sha256@ssh.com	RSA with SHA-256 hash
rsa-sha2-256	RSA with SHA-256 hash
x509v3-ecdsa-sha2-nistp521	2.10.0+X.509 certificate with ECDSA on NIST P-521 curve and SHA-2 hash
x509v3-ecdsa-sha2-nistp384	2.10.0+X.509 certificate with ECDSA on NIST P-384 curve and SHA-2 hash
x509v3-ecdsa-sha2-nistp256	2.10.0+X.509 certificate with ECDSA on NIST P-256 curve and SHA-2 hash
x509v3-rsa2048-sha256	2.10.0+X.509 certificate with 2048+ bit RSA and SHA-256 hash
x509v3-sign-rsa-sha256@ssh.com	2.10.0+X.509 certificate with RSA and SHA-256 hash

__INTERMEDIATE (best compatibility)	all of the above, plus:
ssh-dss	NIST Digital Signature Algorithm (DSA) with SHA-1 hash
ssh-rsa	RSA with SHA-1 hash
x509v3-sign-rsa	2.10.0+X.509 certificate with RSA and SHA-1 hash
x509v3-sign-dss	2.10.0+X.509 certificate with DSA and SHA-1 hash

__ALL (unsecure, not recommended)	all of the above

Encryption algorithms

__MODERN (secure)
aes256-gcm@openssh.com	AES in GCM mode with 256-bit key
aes128-gcm@openssh.com	AES in GCM mode with 128-bit key
aes256-ctr	AES in CTR mode with 256-bit key
aes192-ctr	AES in CTR mode with 192-bit key
aes128-ctr	AES in CTR mode with 128-bit key
chacha20-poly1305@openssh.com	ChaCha20/Poly1305 AEAD cipher with 256-bit key
twofish256-ctr	Twofish in CTR mode with 256-bit key
twofish192-ctr	Twofish in CTR mode with 192-bit key
twofish128-ctr	Twofish in CTR mode with 128-bit key

__INTERMEDIATE (best compatibility)	all of the above, plus:
aes256-cbc	AES in CBC mode with 256-bit key
aes192-cbc	AES in CBC mode with 192-bit key
aes128-cbc	AES in CBC mode with 128-bit key
twofish256-cbc	Twofish in CBC mode with 256-bit key
twofish192-cbc	Twofish in CBC mode with 192-bit key
twofish128-cbc	Twofish in CBC mode with 128-bit key
twofish-cbc	Twofish in CBC mode with 256-bit key
3des-ctr	TripleDES in CTR mode
3des-cbc	TripleDES in CBC mode

__ALL (unsecure, not recommended)	all of the above, plus:
arcfour256	ArcFour (RC4) stream cipher (with discard step) with 256-bit key
arcfour128	ArcFour (RC4) stream cipher (with discard step) with 128-bit key
arcfour	ArcFour (RC4) stream cipher with 128-bit key
blowfish-ctr	Twofish in CTR mode with 256-bit key
blowfish-cbc	Blowfish in CBC mode with 128-bit key

MAC algorithms

__MODERN (secure)
hmac-sha2-512-etm@openssh.com	SHA-512 (ETM mode)
hmac-sha2-256-etm@openssh.com	SHA-256 (ETM mode)
hmac-sha2-512	SHA-512
hmac-sha2-256	SHA-256

__INTERMEDIATE (best compatibility)	all of the above, plus:
hmac-sha1	SHA-1
hmac-sha1-96	SHA-1 (trimmed to 96 bits)

__ALL (unsecure, not recommended)	all of the above
hmac-md5	MD5
hmac-md5-96	MD5 (trimmed to 96 bits)