Skip to content
This repository was archived by the owner on Jan 29, 2023. It is now read-only.

Client Algorithms

Jump to bottom
danopia edited this page Apr 15, 2013 · 13 revisions

OpenSSH

Client header: OpenSSH_6.0p1 Debian-3ubuntu1

{ kexAlgs: 
   [ 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
     'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: 
   [ 'ssh-rsa-cert-v01@openssh.com', 'ssh-rsa-cert-v00@openssh.com',
     'ssh-rsa',
     'ecdsa-sha2-nistp256-cert-v01@openssh.com',
     'ecdsa-sha2-nistp384-cert-v01@openssh.com',
     'ecdsa-sha2-nistp521-cert-v01@openssh.com',
     'ssh-dss-cert-v01@openssh.com', 'ssh-dss-cert-v00@openssh.com',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
     'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'arcfour256', 'arcfour128',
     'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     'arcfour',
     'rijndael-cbc@lysator.liu.se' ],
  macAlgs: 
   [ 'hmac-md5',
     'hmac-sha1',
     'umac-64@openssh.com',
     'hmac-sha2-256', 'hmac-sha2-256-96',
     'hmac-sha2-512', 'hmac-sha2-512-96',
     'hmac-ripemd160', 'hmac-ripemd160@openssh.com',
     'hmac-sha1-96',
     'hmac-md5-96' ],
  cprAlgs: 
   [ 'none', 'zlib@openssh.com', 'zlib',
     'none', 'zlib@openssh.com', 'zlib' ] }

OS X

Just an older OpenSSH.

Client header: OpenSSH_5.2

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'arcfour256', 'arcfour128',
     'aes128-cbc', '3des-cbc', 'blowfish-cbc',
     'cast128-cbc', 'aes192-cbc', 'aes256-cbc',
     'arcfour',
     'rijndael-cbc@lysator.liu.se' ],
  macAlgs: 
   [ 'hmac-md5', 'hmac-sha1',
     'umac-64@openssh.com',
     'hmac-ripemd160', 'hmac-ripemd160@openssh.com',
     'hmac-sha1-96', 'hmac-md5-96' ],
  cprAlgs: 
   [ 'none', 'zlib@openssh.com', 'zlib' ] }

Putty

Client header: PuTTY_Release_0.62

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1',
     'rsa2048-sha256', 'rsa1024-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes256-cbc',
     'rijndael-cbc@lysator.liu.se',
     'aes192-ctr', 'aes192-cbc',
     'aes128-ctr', 'aes128-cbc',
     'blowfish-ctr', 'blowfish-cbc',
     '3des-ctr', '3des-cbc',
     'arcfour256', 'arcfour128' ],
  macAlgs: 
   [ 'hmac-sha1', 'hmac-sha1-96', 'hmac-md5' ],
  cprAlgs: [ 'none', 'zlib' ] }

ConnectBot (Android)

Android IRC client, seems to use a pre-built library. Lacks SHA2.

Client header: TrileadSSH2Java_213

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes192-ctr', 'aes128-ctr',
     'blowfish-ctr',
     'aes256-cbc', 'aes192-cbc', 'aes128-cbc',
     'blowfish-cbc',
     '3des-ctr', '3des-cbc' ],
  macAlgs: 
   [ 'hmac-sha1-96', 'hmac-sha1', 'hmac-md5-96', 'hmac-md5' ],
  cprAlgs: [ 'none' ] }

Net::SSH (Ruby library)

Client header: Ruby/Net::SSH_2.5.2 x86_64-linux

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group1-sha1',
     'diffie-hellman-group14-sha1',
     'diffie-hellman-group-exchange-sha256',
     'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521' ],
  hostKeyAlgs: 
   [ 'ssh-rsa', 'ssh-dss',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521' ],
  encAlgs: 
   [ 'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     'rijndael-cbc@lysator.liu.se',
     'idea-cbc',
     'none',
     'arcfour128', 'arcfour256', 'arcfour',
     'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'camellia128-cbc', 'camellia192-cbc', 'camellia256-cbc',
     'camellia128-cbc@openssh.org',
     'camellia192-cbc@openssh.org',
     'camellia256-cbc@openssh.org',
     'camellia128-ctr', 'camellia192-ctr', 'camellia256-ctr',
     'camellia128-ctr@openssh.org',
     'camellia192-ctr@openssh.org',
     'camellia256-ctr@openssh.org',
     'cast128-ctr',
     'blowfish-ctr',
     '3des-ctr' ],
  macAlgs: 
   [ 'hmac-sha1', 'hmac-md5',
     'hmac-sha1-96', 'hmac-md5-96',
     'hmac-ripemd160', 'hmac-ripemd160@openssh.com',
     'hmac-sha2-256', 'hmac-sha2-512',
     'hmac-sha2-256-96', 'hmac-sha2-512-96',
     'none' ],
  cprAlgs: 
   [ 'none', 'zlib@openssh.com', 'zlib' ] }

Secure Shell (Google Chrome)

Appears to bundle an older OpenSSH.

Client header: OpenSSH_5.9

{ kexAlgs: 
   [ 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
     'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: 
   [ 'ssh-rsa-cert-v01@openssh.com', 'ssh-rsa-cert-v00@openssh.com',
     'ssh-rsa',
     'ecdsa-sha2-nistp256-cert-v01@openssh.com',
     'ecdsa-sha2-nistp384-cert-v01@openssh.com',
     'ecdsa-sha2-nistp521-cert-v01@openssh.com',
     'ssh-dss-cert-v01@openssh.com', 'ssh-dss-cert-v00@openssh.com',
     'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
     'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
     'arcfour256', 'arcfour128',
     'aes128-cbc',
     '3des-cbc',
     'blowfish-cbc',
     'cast128-cbc',
     'aes192-cbc', 'aes256-cbc',
     'arcfour',
     'rijndael-cbc@lysator.liu.se' ],
  macAlgs: 
   [ 'hmac-md5', 'hmac-sha1',
     'umac-64@openssh.com',
     'hmac-sha2-256', 'hmac-sha2-256-96',
     'hmac-sha2-512', 'hmac-sha2-512-96',
     'hmac-ripemd160', 'hmac-ripemd160@openssh.com',
     'hmac-sha1-96',
     'hmac-md5-96' ],
  cprAlgs: 
   [ 'zlib@openssh.com', 'zlib', 'none' ] }

JuiceSSH (Android)

Appears to use another Java library. Also lacks SHA2.

Client header: JSCH-0.1.4

{ kexAlgs: 
   [ 'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1',
     'diffie-hellman-group-exchange-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes128-ctr', 'aes128-cbc',
     '3des-ctr', '3des-cbc',
     'blowfish-cbc',
     'aes192-cbc', 'aes256-cbc' ],
  macAlgs: 
   [ 'hmac-md5', 'hmac-sha1', 'hmac-sha1-96', 'hmac-md5-96' ],
  cprAlgs: [ 'none' ] }

Ganymend (Java library)

Used by shady Android apps like "Telnet"

Client header: Ganymed Build_250

{ kexAlgs: 
   [ 'diffie-hellman-group-exchange-sha1',
     'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1' ],
  hostKeyAlgs: [ 'ssh-rsa', 'ssh-dss' ],
  encAlgs: 
   [ 'aes256-ctr', 'aes192-ctr', 'aes128-ctr',
     'blowfish-ctr',
     'aes256-cbc', 'aes192-cbc', 'aes128-cbc',
     'blowfish-cbc',
     '3des-ctr', '3des-cbc' ],
  macAlgs: 
   [ 'hmac-sha1-96', 'hmac-sha1', 'hmac-md5-96', 'hmac-md5' ],
  cprAlgs: [ 'none' ] }

Clone this wiki locally