MID Server SSH cryptographic algorithms

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of MID Server SSH Cryptographic Algorithms

    The MID Server uses SSH clients for discovery actions, determining supported cryptographic algorithms during the SSH handshake. The client selects the highest priority algorithm that both parties support for secure communication.

    Show full answer Show less

    Key Features

    • Default Supported Algorithms: Various algorithms are pre-defined by priority across key exchange, host key, cipher, and MAC algorithms to ensure secure connections.
    • Customizable Algorithm Priorities: Customers can modify the SSH algorithm priorities based on specific security requirements using designated MID Server properties.

    Key Outcomes

    • Improved security through the selection of strong cryptographic algorithms during SSH communications.
    • Flexibility to adjust algorithm priorities based on organizational security policies without affecting Glide Import functionality.

    The MID Server utilizes SSH clients to perform many discovery actions. During the SSH handshake, both the client and server first determine which algorithms both parties support, then client picks the highest priority algorithm. For the Host Key Algorithm, the client picks highest priority algorithm which both parties support that matches the key type.

    Set-up indicator for security phaseEnsure that the MID Server can connect to elements inside and outside your networkDownload and install the MID Server on a Linux or Windows hostConfigure your MID ServerConfigure MID Server securityEnsure that the MID Server can connect to elements inside and outside your networkDownload and install the MID Server on a Linux or Windows hostConfigure your MID ServerConfigure MID Server security

    Default supported SSH algorithms by priority

    Key Exchange Algorithm
    1. ecdh-sha2-nistp256
    2. ecdh-sha2-nistp384​
    3. ecdh-sha2-nistp521​
    4. diffie-hellman-group-exchange-sha256​
    5. diffie-hellman-group14-sha256​
    6. diffie-hellman-group16-sha512​
    7. diffie-hellman-group14-sha1​
    8. diffie-hellman-group1-sha1​
    9. diffie-hellman-group-exchange-sha1
    Host Key Algorithm​ (used for public key signature during authentication)
    1. ecdsa-sha2-nistp256​
    2. ecdsa-sha2-nistp384​
    3. ecdsa-sha2-nistp521​
    4. rsa-sha2-256​
    5. rsa-sha2-512​
    6. ssh-rsa​
    7. ssh-dss
    Cipher Algorithm​
    1. aes128-ctr​
    2. aes192-ctr​
    3. aes256-ctr​
    4. aes128-cbc​
    5. aes192-cbc​
    6. aes256-cbc​
    MAC Algorithm
    1. hmac-sha2-256​
    2. hmac-sha1​
    3. hmac-sha2-512​
    4. hmac-sha1-96​
    5. hmac-md5-96​
    6. hmac-md5

    Customize the SSH algorithms priority list

    The MID Server SSH algorithm priorities can be customized based on security needs. Each algorithm is controlled by one of the following MID Server properties.

    Note:
    Glide Import on the instance uses the default algorithm list. The four MID Server properties do not affect Glide Import because it is not run on the MID server. SNCSSH is used for Glide Import on instance for SFTP and SCP.

    • Key Exchange algorithms: mid.ssh.algorithms.kex

    • Host Key algorithms: mid.ssh.algorithms.host_key

    • Cipher algorithms: mid.ssh.algorithms.cipher

    • MAC algorithms: mid.ssh.algorithms.mac

    The properties accept comma separated lists with operators. The first name in the list is highest priority, last name in list is lowest priority. Adding a comma separated list without any operators replaces the default algorithm list. The following operators are based on the OpenSSH standard syntax and modify the algorithm priority list.
    • The + operator appends the comma separated list of algorithms to the default algorithm list.
    • The - operator removes the comma separated list of algorithms from the default algorithm list.
    • The ^ operator places the comma separated list of algorithms at the front of the default algorithm list.
    The MID Server properties using the operators to customize the SSH algorithm lists.