ALGORITHMS

Synopsis

HELP:   Modify preferred algorithms lists for handshake
TYPE:   OBJECT
SYNTAX: ALGORITHMS(KEX='str',HOSTKEYS='str',CIPHERS_CS='str',CIPHERS_SC='str',COMPRESS_CS='str',COMPRESS_SC='str',HMAC_CS='str',HMAC_SC='str')

Description

SSH clients and servers support various cryptographic algorithms to secure an SSH connection. In the handshake phase at the beginning of each SSH connection, both parties negotiate the algorithms that will be used for this connection. For this purpose, client and server exchange multiple lists of their respective supported algorithms for each type of algorithm. The algorithm lists are sent in order of preference. In other words, putting an algorithm at the beginning of the list is a suggestion to the other party to prefer this algorithm over others. Algorithms that do not appear in the list cannot be negotiated.

The algos object can be used to specify custom lists of acceptable / preferred algorithms. Each list is a comma-separated string of one or more of the supported algorithms. Unsupported algorithms are silently ignored. Algorithm lists specified via the algos object override those specified in any SSH config file.

The handshake will fail if none of the specified algorithms is supported by the server.

Preferences for the following algorithm types can be customized:

To get a list of algorithms supported by the libssh library (shipped with FLAM), connect to any existing SSH server with verbose logging enabled (net.ssh(verbosity=all)) and without specifying the algos object. (For example: flcl info "get.file=ssh://example.com/anypath net.ssh(verbosity=all)") Look for a line containing "Changing host key method to" to find the default algorithm lists (which might already be modified by your SSH configuration files). The relevant log output looks similar to this:

PACKET (ssh_client_select_hostkeys) ssh_client_select_hostkeys: Changing host key method to "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
FUNCTION (ssh_list_kex) ssh_list_kex: kex algos: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,
                                                 diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
FUNCTION (ssh_list_kex) ssh_list_kex: server host key algo: ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
FUNCTION (ssh_list_kex) ssh_list_kex: encryption client->server: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
FUNCTION (ssh_list_kex) ssh_list_kex: encryption server->client: aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
FUNCTION (ssh_list_kex) ssh_list_kex: mac algo client->server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
FUNCTION (ssh_list_kex) ssh_list_kex: mac algo server->client: hmac-sha2-256,hmac-sha2-512,hmac-sha1
FUNCTION (ssh_list_kex) ssh_list_kex: compression algo client->server: none
FUNCTION (ssh_list_kex) ssh_list_kex: compression algo server->client: none

There is another list in the log containing the algorithms supported by the server.
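
The following Python sketch is an added example, not part of FLAM or its documentation. It parses one block of the verbose log lines shown above, removes entries matching an example deny-list, checks that every remaining list still shares an algorithm with the server's list (otherwise the handshake would fail), and renders the result in the ALGORITHMS(...) form. The label-to-parameter mapping, the deny-list and the sample log lines are assumptions constructed for illustration.

```python
import re

# Log label -> ALGORITHMS parameter; this mapping is assumed from the names.
LABELS = {
    "kex algos": "KEX", "server host key algo": "HOSTKEYS",
    "encryption client->server": "CIPHERS_CS", "encryption server->client": "CIPHERS_SC",
    "mac algo client->server": "HMAC_CS", "mac algo server->client": "HMAC_SC",
    "compression algo client->server": "COMPRESS_CS",
    "compression algo server->client": "COMPRESS_SC",
}
# Example policy (assumed, not FLAM's); ext-info-c is an extension marker, not a KEX.
DENY = re.compile(r"-sha1$|^ssh-(dss|rsa)$|-cbc$|^ext-info-")
LINE = re.compile(r"ssh_list_kex: (.+?): (\S+)\s*$")

def parse_block(log):
    """Map one block of ssh_list_kex log lines to {PARAM: [algorithms]}."""
    out = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if m and m.group(1) in LABELS:
            out[LABELS[m.group(1)]] = [a for a in m.group(2).split(",") if a]
    return out

def harden(client, server):
    """Apply DENY to the client lists; raise if a list shares nothing with the server."""
    kept = {}
    for param, algos in client.items():
        kept[param] = [a for a in algos if not DENY.search(a)]
        if not set(kept[param]) & set(server.get(param, [])):
            raise ValueError(f"{param}: no common algorithm, handshake would fail")
    return kept

def to_object(lists):
    """Render the lists in the form given by the SYNTAX line of the synopsis."""
    return "ALGORITHMS(" + ",".join(f"{p}='{','.join(a)}'" for p, a in lists.items()) + ")"

# Constructed sample input, shortened from the log format shown above.
PREFIX = "FUNCTION (ssh_list_kex) ssh_list_kex: "
CLIENT_LOG = "\n".join(PREFIX + s for s in [
    "kex algos: curve25519-sha256,diffie-hellman-group14-sha1,ext-info-c",
    "server host key algo: ssh-ed25519,rsa-sha2-512,ssh-rsa,ssh-dss",
    "encryption client->server: aes256-gcm@openssh.com,aes256-ctr,aes128-cbc,3des-cbc",
    "mac algo client->server: hmac-sha2-256,hmac-sha1",
])
SERVER_LOG = "\n".join(PREFIX + s for s in [
    "kex algos: curve25519-sha256,diffie-hellman-group14-sha1",
    "server host key algo: rsa-sha2-512,ssh-rsa",
    "encryption client->server: aes256-ctr,aes128-cbc",
    "mac algo client->server: hmac-sha2-256,hmac-sha1",
])
```

Calling to_object(harden(parse_block(CLIENT_LOG), parse_block(SERVER_LOG))) returns the string to use; a ValueError names the list that would leave no algorithm in common with the server.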

Hardware acceleration

For some algorithms, HW-accelerated cipher and hash functions are used, reducing CPU utilization for cryptographic operations considerably.

On IBM Z hardware, the appropriate CPACF Message Security Assist (MSA) extensions must be available and enabled. The supported MSA version determines which algorithms are implemented in hardware. This is detected automatically during SSH connection establishment. The appropriate implementation is used by default to accelerate data encryption with AES as well as HMAC computation based on MD5, SHA-1 and SHA-2.

On other platforms, the hardware acceleration implementation of OpenSSL is used transparently.

Arguments