SSH Server Security Algorithms Categories and Lists
It is important to understand the different categories and security algorithm types for SSH, or Secure Shell Server Security Algorithms.
The main categories of Security Algorithms are:
- Host Key Algorithms
- Key Exchange Algorithms
- Ciphers
- MACs or Message Authentication Codes.
Custom List of Algorithms: With the GSW SSH Server, you may also create your own custom list of algorithms from the available algorithms. This gives you the flexibility to restrict connections to only certain strength algorithms or to allow only specific legacy algorithms or any combination thereof.
GSW Default Algorithms List: Georgia SoftWorks determines the best available algorithms for each category at each release. The list of algorithms setup at installation for each category is called the “GSW Default Algorithms list”. No configuration is required to use the GSW Default Algorithms.
FIPS 140-2 Security: Under contract with the United States Military, GSW developed an End-to-End SSH FIPS 140-2 compliant solution to meet their requirements.
The FIPS 140-2 Enabled list is a list of algorithms that does not include any algorithms that are not supported by FIPS 140-2. When you Enable FIPS 140-2 and restart the SSH service, the FIPS 140-2 Enabled list is activated. The FIPS 140-2 Disabled is a list of all the algorithms available.
All Available Algorithms: In some cases, there is no difference in the algorithms available for FIPS 140-2 Enabled and Disabled. We call this list “All Available Algorithms”. Not surprisingly, it is also used to refer to all the available algorithms.
If the empty string is configured for the value, then you get the complete list of algorithms available based on the FIPS 140-2 setting.
Related Material: Learn more about SAFE SSH Algorithms.