Not all SSH implementations are considered secure. Both clients and servers must support modern components of the SSH protocol and routinely audited for vulnerablities. Georgia SoftWorks prides itself on continuously engaging with the Information Security Community, ensuring the cryptographic algorithms supported by our SSH software are state-of-the-art. This diagram represents the general consensus of cryptographers and security research organizations worldwide on which algorithms are considered secure for enterprise use as of Feburary 8th, 2024.
CategoriesSH includes several categories of security algorithms that are responsible for securing different aspects of the protocol |
Host Key Algorithms | Key Exchange Algorithms | Message Authentication Codes (MACs) | CIPHERS | Public Key Algorithms |
PurposeEach category has specific purposes during various stages of the protocol operation |
Server authenticates itself to the client. Used by the client to verify that they are connecting to the correct host | Used to derive encryption keys and initialization vectors used by ciphers and MAC’s | Used to protect data integrity and prevent replay attacks | PrivacyAlgorithms performing encryption/decryption of the data being transferred | Client authenticates itself to the server. Proves to the Host that the client is who they say they are |
PreventsEach algorithm category provides a unique function, thwarting attacks that would intercept or modify data. |
|
|
|
|
|
Secure AlgorithmsAlgorithms with no known practical attacks are listed for reference: |
ssh-ed25519
rsa-sha2-512 rsa-sha2-256 |
[email protected]
curve25519-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 kex-strict-v001 Note: kex-strict-v001 is an extension to the SSH protocol, and is required for secure usage of chacha20-poly1305 |
[email protected]
[email protected] |
aes256-ctr aes128-ctr aes192-ctr These ciphers are safe when used with the specified MACs |
ssh-ed25519
rsa-sha2-512 rsa-sha2-256 |
Use of insecure algorithms could result in compromise, rendering your SSH connection exploitable by threat actors:
|
|||||
Compromise May Result In:Not all SSH algorithms are Secure |
Impersonation of remote server, user credential theft | Complete loss of session integrity, confidentiality if shared secret is derived | Undetected modification of encrypted data | Loss of channel confidentiality | Unauthorized access to:
|
Each category has specific purposes during various stages of the protocol operation
ssh -ed25519
rsa-sha2-512
rsa-sha2-256
Attacker can impersonate the attacked server, steal user credentials and gain access to the server
Used to derive encryption keys and initialization vectors used by ciphers and MAC’s
Decryption of User Data
Used to protect data integrity and prevent replay attacks
All the data transferred is compromised
Attacker can change and inject data at will
PrivacyAlgorithms performing encryption/decryption of the data being transferred
aes256-ctr
aes128-ctr
aes192-ctr
These ciphers are safe when used with the specified MACs
Decryption of User Data
Client authenticates itself to the server. Proves to the Host that the client is who they say they are
ssh -ed25519
rsa-sha2-512
rsa-sha2-256
Unauthorized access to: