The Zorp SSH proxy can enforce policies on the elements of the encrypted SSH communication, such as which MAC, key exchange, and other algorithms are permitted. The parameters can be set separately for the client side and the server side. Each attribute is a comma-separated string listing the enabled methods/algorithms in order of preference.
Key exchange algorithms
The permitted key exchange algorithms can be specified via the client_kex_algos and server_kex_algos attributes. The Zorp SSH proxy supports the diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 algorithms.
Host key algorithms
The permitted host key algorithms can be specified via the client_hostkey_algos and server_hostkey_algos attributes. The supported algorithms are ssh-rsa and ssh-dss.
| Note |
|---|
| For a hostkey algorithm to work for the clients, the corresponding private key has to be set in the |
Symmetric cipher algorithms
The permitted symmetric cipher algorithms can be specified via the client_cipher_algos and server_cipher_algos attributes. The following algorithms are supported: aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr.
MAC algorithms
The permitted MAC algorithms can be specified via the client_mac_algos and server_mac_algos attributes. The supported algorithms are: hmac-sha1 and hmac-md5.
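Because each attribute is an ordered, comma-separated preference list, a policy can be checked before it is deployed. The following is an added example, not part of the Zorp documentation or code base: it audits attribute strings against the supported lists given above. The function names, the DEPRECATED set, and the sample policy are assumptions of this example.

```python
# Added example: audits Zorp SSH proxy algorithm attribute strings.
# SUPPORTED is copied from this page; DEPRECATED is this example's assumption.
SUPPORTED = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "hostkey": ["ssh-rsa", "ssh-dss"],
    "cipher": ["aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
               "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
DEPRECATED = {"diffie-hellman-group1-sha1", "ssh-dss", "3des-cbc", "blowfish-cbc",
              "cast128-cbc", "arcfour", "hmac-md5"}


def audit_attribute(name, value):
    """Return findings for one attribute, for example client_kex_algos."""
    side, kind, suffix = name.split("_") if name.count("_") == 2 else ("", "", "")
    if side not in ("client", "server") or kind not in SUPPORTED or suffix != "algos":
        return ["%s: not an algorithm attribute" % name]
    findings, seen = [], []
    for pos, algo in enumerate(a.strip() for a in value.split(",")):
        if not algo:
            findings.append("%s: empty entry at position %d" % (name, pos))
        elif algo not in SUPPORTED[kind]:
            findings.append("%s: %s is not a supported %s algorithm" % (name, algo, kind))
        elif algo in seen:
            findings.append("%s: %s listed twice" % (name, algo))
        elif algo in DEPRECATED:
            findings.append("%s: %s is deprecated" % (name, algo))
        seen.append(algo)
    # Order expresses preference, so a deprecated first entry wins negotiation.
    strong = [a for a in seen if a in SUPPORTED[kind] and a not in DEPRECATED]
    if strong and seen[0] in DEPRECATED:
        findings.append("%s: deprecated %s is preferred over %s" % (name, seen[0], strong[0]))
    return findings


def audit_policy(policy):
    """Audit a dict mapping attribute name to comma-separated algorithm string."""
    return [f for name in sorted(policy) for f in audit_attribute(name, policy[name])]


# Constructed sample policy (not from the page).
SAMPLE = {
    "client_kex_algos": "diffie-hellman-group14-sha1",
    "server_cipher_algos": "arcfour,aes256-ctr",
    "server_mac_algos": "hmac-sha1,hmac-sha2-256",
}
```

Calling audit_policy(SAMPLE) returns one finding per problem, in attribute-name order; an empty list means every entry is supported and none is in the DEPRECATED set.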
Published on June 04, 2020
© 2007-2019 BalaSys


