The Zorp SSH proxy can enforce policies on the various elements of the encrypted SSH communication, such as which MAC, key-exchange, and other algorithms are permitted. The parameters can be set separately for the client side and for the server side. Each attribute is a comma-separated string listing the enabled methods or algorithms in order of preference.
Key exchange algorithms
The permitted key exchange algorithms can be specified via the client_kex_algos and server_kex_algos attributes. The Zorp SSH proxy supports the diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 algorithms.
Host key algorithms
The permitted host key algorithms can be specified via the client_hostkey_algos and server_hostkey_algos attributes. The supported algorithms are ssh-rsa and ssh-dss.
Note |
---|
For a hostkey algorithm to work for the clients the corresponding private key has to be set in the |
Symmetric cipher algorithms
The permitted symmetric cipher algorithms can be specified via the client_cipher_algos and server_cipher_algos attributes. The following algorithms are supported: aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.
MAC algorithms
The permitted MAC algorithms can be specified via the client_mac_algos and server_mac_algos attributes. The supported algorithms are: hmac-sha1 and hmac-md5.
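As an added example (not part of the Zorp documentation or code), the following Python function audits the comma-separated attribute strings described above. The supported sets are copied from this page; the DISCOURAGED table, the audit() function and the SAMPLE values are assumptions of this example, not Zorp policy or API.

```python
# Added example: audit Zorp SSH proxy algorithm attribute strings.
# SUPPORTED is copied from the page; DISCOURAGED is this example's own policy.
SUPPORTED = {
    "kex": {"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"},
    "hostkey": {"ssh-rsa", "ssh-dss"},
    "cipher": {"aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
               "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr"},
    "mac": {"hmac-sha1", "hmac-md5"},
}
DISCOURAGED = {
    "diffie-hellman-group1-sha1": "1024-bit DH group",
    "ssh-dss": "DSA host key with SHA-1 signatures",
    "arcfour": "RC4 stream cipher",
    "3des-cbc": "64-bit block cipher",
    "blowfish-cbc": "64-bit block cipher",
    "cast128-cbc": "64-bit block cipher",
    "hmac-md5": "MD5-based MAC",
}

def audit(settings):
    """Return (attribute, algorithm, issue) tuples for {attribute: "a,b,c"}."""
    findings = []
    for attr, value in settings.items():
        side, _, rest = attr.partition("_")
        kind = rest[:-len("_algos")] if rest.endswith("_algos") else ""
        if side not in ("client", "server") or kind not in SUPPORTED:
            findings.append((attr, "", "unknown attribute"))
            continue
        algos, seen = value.split(","), set()
        for pos, algo in enumerate(algos):
            if not algo:  # stray comma
                findings.append((attr, algo, "empty entry"))
            elif algo not in SUPPORTED[kind]:  # also catches stray whitespace
                findings.append((attr, algo, "not in supported list"))
            elif algo in seen:
                findings.append((attr, algo, "duplicate"))
            elif algo in DISCOURAGED:
                findings.append((attr, algo, "discouraged: " + DISCOURAGED[algo]))
                # Order is preference: flag a weak entry ranked above a better one.
                later = [a for a in algos[pos + 1:] if a in SUPPORTED[kind]]
                if any(a not in DISCOURAGED for a in later):
                    findings.append((attr, algo, "listed ahead of a non-discouraged algorithm"))
            seen.add(algo)
    return findings

SAMPLE = {  # constructed values for illustration
    "client_kex_algos": "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1",
    "server_cipher_algos": "aes256-ctr,aes128-ctr,arcfour",
    "client_mac_algos": "hmac-sha1,hmac-md5",
    "server_hostkey_algos": "ssh-rsa,ssh-ed25519",
}
```

Calling audit(SAMPLE) returns one tuple per finding, so the result can be fed into a configuration review or a CI check before a policy is deployed.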
Published on June 04, 2020
© 2007-2019 BalaSys