APPROVED SSH SECURITY ALGORITHMS
Georgia SoftWorks 2024
Not all SSH implementations are considered secure. Both clients and servers must support modern components of the SSH protocol and routinely audited for vulnerablities. Georgia SoftWorks prides itself on continuously engaging with the Information Security Community, ensuring the cryptographic algorithms supported by our SSH software are state-of-the-art. This diagram represents the general consensus of cryptographers and security research organizations worldwide on which algorithms are considered secure for enterprise use as of Feburary 8th, 2024.
CategoriesSH includes several categories of security algorithms that are responsible for securing different aspects of the protocol |
Host Key Algorithms | Key Exchange Algorithms | Message Authentication Codes (MACs) | CIPHERS | Public Key Algorithms |
PurposeEach category has specific purposes during various stages of the protocol operation |
Server authenticates itself to the client. Used by the client to verify that they are connecting to the correct host | Used to derive encryption keys and initialization vectors used by ciphers and MAC’s | Used to protect data integrity and prevent replay attacks | PrivacyAlgorithms performing encryption/decryption of the data being transferred | Client authenticates itself to the server. Proves to the Host that the client is who they say they are |
PreventsEach algorithm category provides a unique function, thwarting attacks that would intercept or modify data. |
|
|
|
|
|
Secure AlgorithmsAlgorithms with no known practical attacks are listed for reference: |
ssh-ed25519
rsa-sha2-512 rsa-sha2-256 |
curve25519-sha256@libssh.org
curve25519-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 kex-strict-v001 Note: kex-strict-v001 is an extension to the SSH protocol, and is required for secure usage of chacha20-poly1305 |
hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com |
aes256-ctr aes128-ctr aes192-ctr These ciphers are safe when used with the specified MACs |
ssh-ed25519
rsa-sha2-512 rsa-sha2-256 |
| Use of insecure algorithms could result in compromise, rendering your SSH connection exploitable by threat actors:
|
|||||
Compromise May Result In:Not all SSH algorithms are Secure  |
Impersonation of remote server, user credential theft | Complete loss of session integrity, confidentiality if shared secret is derived | Undetected modification of encrypted data | Loss of channel confidentiality | Unauthorized access to:
|
Host Key Algorithms
Each category has specific purposes during various stages of the protocol operation
- Man-in-the -middle
- IP Spoof ing
ssh -ed25519
rsa-sha2-512
rsa-sha2-256
Attacker can impersonate the attacked server, steal user credentials and gain access to the server
Key Exchange Algorithms
Used to derive encryption keys and initialization vectors used by ciphers and MAC’s
- Man-in-the-middle
- A weak encryption key
curve25519-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
Decryption of User Data
Message Authentication Codes (MACs)
Used to protect data integrity and prevent replay attacks
- Man-in-the-middle
- Replay attack
- Modif ication of session data on the fly
All the data transferred is compromised
Attacker can change and inject data at will
CIPHERS
PrivacyAlgorithms performing encryption/decryption of the data being transferred
- Attacker being able to see the data
aes256-ctr
aes128-ctr
aes192-ctr
These ciphers are safe when used with the specified MACs
Decryption of User Data
Public Key Algorithms
Client authenticates itself to the server. Proves to the Host that the client is who they say they are
- Unauthorized access
ssh -ed25519
rsa-sha2-512
rsa-sha2-256
Unauthorized access to:
- Interactive Shell
- Port Forwarding
- File System
- Secure Subsystems on Server
