ssh
SSH protocol settings, including cryptographic algorithm selection, session limits, and client-facing options. These settings apply to all SSH endpoints. For a list of all supported algorithms, see Supported SSH Algorithms.
ssh:
encryptionAlgorithms: ['__MODERN', '3des-ctr', '3des-cbc']
hostKeyAlgorithms: ['__MODERN']
kexAlgorithms: ['__MODERN', 'diffie-hellman-group14-sha1']
macAlgorithms: ['__INTERMEDIATE']
maxIdleDurationSeconds: 86400
maxSessionDurationSeconds: 86400
maxSessionTransferredBytes: 1073741824
banner: 'Welcome!'
shellHostName: myserver
softwareVersion: MyServer_1.0.0Algorithm macros
Instead of listing individual algorithms, you can use predefined macros that expand to a curated set of algorithms. Macros can be combined with explicit algorithm names — for example, ['__MODERN', '3des-ctr'] enables all modern algorithms plus TripleDES in CTR mode.
| Macro | Purpose |
|---|---|
__MODERN | Only algorithms considered secure by current standards. Use this for environments where all clients support modern cryptography. |
__INTERMEDIATE | All modern algorithms plus older but widely supported ones (e.g. SHA-1 based, CBC mode). This is the default and provides the best compatibility with legacy clients. |
__ALL | Every supported algorithm, including insecure ones (e.g. RC4, MD5). Not recommended outside of testing or specific compatibility scenarios. |
The exact algorithms included in each macro are listed on the Supported SSH Algorithms page.
ssh.encryptionAlgorithms
string[] = ['__INTERMEDIATE']
List of encryption algorithms. Explicit algorithm names or predefined macros (__MODERN, __INTERMEDIATE, __ALL) can be used. See Supported SSH Algorithms for the full list.
Per RFC 4253, the negotiated algorithm is the first entry on the client's preference list that the server also supports. The order of the server's list does not affect the outcome — it only determines which algorithms are available.
ssh.hostKeyAlgorithms
string[] = ['__INTERMEDIATE']
List of host key algorithms. See Supported SSH Algorithms for the full list.
ssh.kexAlgorithms
string[] = ['__INTERMEDIATE']
List of key exchange algorithms. See Supported SSH Algorithms for the full list.
ssh.macAlgorithms
string[] = ['__INTERMEDIATE']
List of MAC (message authentication code) algorithms. See Supported SSH Algorithms for the full list.
ssh.banner
string
Banner message displayed to clients before authentication.
ssh.maxIdleDurationSeconds
number = 86400
Maximum session idle duration in seconds (default is 1 day). When this duration expires, the session is disconnected. Set to 0 to disable.
ssh.maxSessionDurationSeconds
number = 86400
Maximum session duration in seconds (default is 1 day). When this duration expires, a session renegotiation occurs. Set to 0 to disable.
ssh.maxSessionTransferredBytes
number = 1073741824
Maximum number of bytes transferred during a session (default is 1 GB). When this value is reached, a session renegotiation occurs. Set to 0 to disable.
ssh.shellHostName
string
Server name visible to clients.
ssh.softwareVersion
string
Use a custom software version in SSH protocol version exchange.