Supported Key Exchange Algorithms
Key exchange (KEX) algorithms establish the shared secret used to derive encryption keys for the SSH session. ZestSSH supports the following KEX algorithms.
Algorithms
Section titled “Algorithms”| Property | Value |
|---|---|
| Type | Elliptic Curve Diffie-Hellman |
| Curve | Curve25519 |
| Hash | SHA-256 |
The recommended default. Curve25519 is a modern elliptic curve designed for speed, security, and resistance to side-channel attacks. It provides ~128 bits of security with a fast, constant-time implementation.
This is the most widely deployed KEX algorithm in modern SSH servers (OpenSSH 6.5+).
ecdh-sha2-nistp256
Section titled “ecdh-sha2-nistp256”| Property | Value |
|---|---|
| Type | Elliptic Curve Diffie-Hellman |
| Curve | NIST P-256 (secp256r1) |
| Hash | SHA-256 |
ECDH with the NIST P-256 curve. Provides approximately 128 bits of security. Widely supported, including on FIPS-compliant systems where Curve25519 may not be available.
ecdh-sha2-nistp384
Section titled “ecdh-sha2-nistp384”| Property | Value |
|---|---|
| Type | Elliptic Curve Diffie-Hellman |
| Curve | NIST P-384 (secp384r1) |
| Hash | SHA-384 |
ECDH with the NIST P-384 curve. Provides approximately 192 bits of security.
ecdh-sha2-nistp521
Section titled “ecdh-sha2-nistp521”| Property | Value |
|---|---|
| Type | Elliptic Curve Diffie-Hellman |
| Curve | NIST P-521 (secp521r1) |
| Hash | SHA-512 |
ECDH with the NIST P-521 curve. Provides approximately 256 bits of security. Slightly slower than P-256 due to the larger curve.
diffie-hellman-group-exchange-sha256
Section titled “diffie-hellman-group-exchange-sha256”| Property | Value |
|---|---|
| Type | Diffie-Hellman Group Exchange |
| Hash | SHA-256 |
| Group Exchange | Yes |
The server selects a DH group of an appropriate size (typically 2048-8192 bits). Provides flexibility for high-security environments. Group exchange negotiation adds a round trip to the handshake.
diffie-hellman-group-exchange-sha1
Section titled “diffie-hellman-group-exchange-sha1”| Property | Value |
|---|---|
| Type | Diffie-Hellman Group Exchange |
| Hash | SHA-1 |
| Group Exchange | Yes |
Same as above but uses SHA-1 for the exchange hash. SHA-1 is deprecated for collision resistance but is not directly exploitable in the KEX context. Included for compatibility with older servers.
diffie-hellman-group14-sha256
Section titled “diffie-hellman-group14-sha256”| Property | Value |
|---|---|
| Type | Fixed-Group Diffie-Hellman |
| Group | Group 14 (2048-bit) |
| Hash | SHA-256 |
Fixed 2048-bit DH group with SHA-256. Good compatibility with servers that support RFC 4253 but not elliptic curve algorithms.
diffie-hellman-group14-sha1
Section titled “diffie-hellman-group14-sha1”| Property | Value |
|---|---|
| Type | Fixed-Group Diffie-Hellman |
| Group | Group 14 (2048-bit) |
| Hash | SHA-1 |
Fixed 2048-bit DH group with SHA-1. Widely supported as a baseline. Less preferred than the SHA-256 variant.
diffie-hellman-group1-sha1
Section titled “diffie-hellman-group1-sha1”| Property | Value |
|---|---|
| Type | Fixed-Group Diffie-Hellman |
| Group | Group 1 (1024-bit) |
| Hash | SHA-1 |
1024-bit DH group. Not recommended --- 1024-bit DH is considered weak against well-funded adversaries. Included only for connecting to very old servers that support nothing else. Modern OpenSSH disables this algorithm by default.
Recommendation
Section titled “Recommendation”For most connections, [email protected] is the best choice. It is fast, secure, and supported by virtually all modern SSH servers.
If connecting to FIPS-compliant systems, use ecdh-sha2-nistp256 or ecdh-sha2-nistp384.
If connecting to legacy servers, diffie-hellman-group14-sha256 provides acceptable security with wide compatibility.
Negotiation
Section titled “Negotiation”ZestSSH presents its KEX algorithms to the server in preference order. The first algorithm supported by both sides is used. If negotiation fails (no common algorithm), the connection is rejected.
To check which KEX algorithms a server supports:
ssh -Q kex # on the server