SSH Discovery Cryptographic Algorithms

rerose
Tera Contributor

I am trying to discover Linux servers using SSH credentials, but it seems that the out-of-the-box cryptographic algorithms do not support MAC algorithms with the -etm suffix, such as:

hmac-sha2-512-etm@openssh.com

hmac-sha2-256-etm@openssh.com

umac-128-etm@openssh.com

The above are the only MACs in use for a certain business unit. Is there a way to update / customize our MID Servers to use the above MAC algorithms?


We are on the Xanadu version.


Thanks for the assistance.


Selva Arun
Mega Sage

Hi,


Please check out the product documentation below:

MID Server SSH cryptographic algorithms

Here’s a summarized version of the content from the ServiceNow MID Server SSH Cryptographic Algorithms documentation to help answer your question:

MID Server SSH Cryptographic Algorithms Overview

The MID Server uses SSH clients to perform discovery actions. During the SSH handshake, the client and server negotiate supported algorithms, and the client selects the highest-priority algorithm that both parties support.

Default Supported SSH Algorithms by Priority

  1. Key Exchange Algorithms:
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    • diffie-hellman-group-exchange-sha256
    • diffie-hellman-group14-sha256
    • diffie-hellman-group16-sha512
    • diffie-hellman-group14-sha1
    • diffie-hellman-group1-sha1
    • diffie-hellman-group-exchange-sha1
  2. Host Key Algorithms (used for public key signature during authentication):
    • ssh-ed25519-cert-v01@openssh.com
    • rsa-sha2-512-cert-v01@openssh.com
    • rsa-sha2-256-cert-v01@openssh.com
    • ssh-ed25519
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
    • rsa-sha2-512
    • rsa-sha2-256
    • ssh-rsa-cert-v01@openssh.com
    • ssh-rsa
    • ssh-dss
  3. Cipher Algorithms:
    • aes128-ctr
    • aes192-ctr
    • aes256-ctr
    • aes128-cbc
    • aes192-cbc
    • aes256-cbc
  4. MAC Algorithms:
    • hmac-sha2-256
    • hmac-sha1
    • hmac-sha2-512
    • hmac-sha1-96
    • hmac-md5-96
    • hmac-md5

Customizing the SSH Algorithm Priority List

The MID Server allows customization of SSH algorithm priorities to meet specific security needs. Each algorithm type is controlled by a specific MID Server property:

  1. Key Exchange Algorithms: mid.ssh.algorithms.kex
  2. Host Key Algorithms: mid.ssh.algorithms.host_key
  3. Cipher Algorithms: mid.ssh.algorithms.cipher
  4. MAC Algorithms: mid.ssh.algorithms.mac

How to Customize:

  • The properties accept comma-separated lists of algorithms.
  • The first algorithm in the list has the highest priority, and the last has the lowest.
  • Operators can be used to modify the default list:
    • + Appends algorithms to the default list.
    • - Removes algorithms from the default list.
    • ^ Places algorithms at the front of the default list.

Example:

To add hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com to the MAC algorithm list:

+hmac-sha2-512-etm@openssh.com,+hmac-sha2-256-etm@openssh.com

Steps to Customize MID Server SSH Algorithms

  1. Navigate to MID Server Properties:
    • In ServiceNow, go to MID Server > Properties.
  2. Add or Update the Relevant Property:
    • For example, to customize MAC algorithms, update the mid.ssh.algorithms.mac property with the required algorithms.
  3. Save the Changes:
    • Save the updated property.
  4. Restart the MID Server:
    • Restart the MID Server to apply the changes.
  5. Test the Configuration:
    • Run a discovery job to ensure the required algorithms are being used.

Important Notes

  • Glide Import: The mid.ssh.algorithms.* properties do not affect Glide Import because it uses SNCSSH, not the MID Server.
  • Security Compliance: Ensure the added algorithms comply with your organization's security policies.
  • FIPS Mode: If the MID Server is running in FIPS mode, ensure the algorithms are FIPS-compliant.

If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'** and **'Accept it as a Solution'**? This will help other community members who might have the same question find the answer more easily.


Thank you for your consideration


Selva Arun
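The following is an added worked example, not code from the original thread or from ServiceNow. It models the behaviour the answer above describes: a comma-separated mid.ssh.algorithms.mac value with the +, - and ^ operators is applied to the default MAC list, and the client then picks its highest-priority algorithm that the server also offers. The operator semantics follow the documentation summary; two details are assumptions of this model, not documented behaviour: entries without an operator are treated as a complete replacement list, and several ^ entries keep their written order at the front. The server-side algorithm offers are constructed sample data.

```python
"""Illustrative model of MID Server SSH MAC-list customization (added example, not MID Server code)."""

# Default MAC list by priority, as listed in the documentation summary above.
DEFAULT_MACS = [
    "hmac-sha2-256",
    "hmac-sha1",
    "hmac-sha2-512",
    "hmac-sha1-96",
    "hmac-md5-96",
    "hmac-md5",
]

# Constructed sample: a server hardened to accept only encrypt-then-MAC algorithms,
# as in the original question.
ETM_ONLY_SERVER = [
    "hmac-sha2-512-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com",
    "umac-128-etm@openssh.com",
]


def resolve_algorithm_list(default, property_value):
    """Apply a mid.ssh.algorithms.* property value to the default list.

    Operators as described in the documentation summary:
      +name  append name to the default list
      -name  remove name from the default list
      ^name  place name at the front of the default list
    Assumption (not stated in the documentation): a value containing no
    operators is a full replacement list in the order written, and mixing
    operator and plain entries is rejected.
    """
    entries = [e.strip() for e in property_value.split(",") if e.strip()]
    if not entries:
        return list(default)
    if not any(e[0] in "+-^" for e in entries):
        return entries  # assumed: plain list replaces the default entirely

    result = list(default)
    front = []  # ^ entries, kept in written order (assumption)
    for entry in entries:
        op, name = entry[0], entry[1:].strip()
        if op == "+":
            if name not in result:
                result.append(name)
        elif op == "-":
            result = [a for a in result if a != name]
        elif op == "^":
            result = [a for a in result if a != name]
            front.append(name)
        else:
            raise ValueError(f"mixed operator and plain entries: {entry!r}")
    return front + result


def negotiate(client_prefs, server_offer):
    """Handshake rule from the documentation: the client chooses its
    highest-priority algorithm that the server also supports.
    Returns None when there is no common algorithm (the failure the question reports)."""
    offered = set(server_offer)
    for alg in client_prefs:
        if alg in offered:
            return alg
    return None


if __name__ == "__main__":
    # Out of the box: no overlap with an etm-only server, so discovery fails.
    print("default:", negotiate(DEFAULT_MACS, ETM_ONLY_SERVER))

    # The documented fix: append the etm MACs with '+'.
    appended = resolve_algorithm_list(
        DEFAULT_MACS,
        "+hmac-sha2-512-etm@openssh.com,+hmac-sha2-256-etm@openssh.com",
    )
    print("with + operator:", negotiate(appended, ETM_ONLY_SERVER))

    # Defender-side use of '-': drop the MD5 and truncated MACs from the list.
    trimmed = resolve_algorithm_list(DEFAULT_MACS, "-hmac-md5,-hmac-md5-96,-hmac-sha1-96")
    print("trimmed list:", trimmed)
```

Run the script to see the three scenarios; a MAC list customized with ^ rather than + makes the etm algorithm win even against a server that still offers the older MACs, because the client's first match decides.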