SSH

Host-Key and Public Key Signature Algorithms

Table G.7. Default host-key algorithms (in order of client-side preference)

Name in XMLName in GUIFIPS
rsa-sha2-512rsa-sha2-512
rsa-sha2-256rsa-sha2-256
ssh-rsa-sha256@ssh.comssh-rsa-sha256 (Tectia)
ecdsa-sha2-nistp521ecdsa-sha2-nistp521
ecdsa-sha2-nistp384ecdsa-sha2-nistp384
ecdsa-sha2-nistp256ecdsa-sha2-nistp256
x509v3-sign-rsa-sha256@ssh.comx509v3-sign-rsa-sha256 (Tectia)
x509v3-ecdsa-sha2-nistp256x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp521x509v3-ecdsa-sha2-nistp521
x509v3-rsa2048-sha256x509v3-rsa2048-sha256
ssh-ed25519ssh-ed25519
ecdsa-sha2-nistp256-cert-v01@openssh.comecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.comecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.comecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-ed25519-cert-v01@openssh.comssh-ed25519-cert-v01@openssh.com
rsa-sha2-256-cert-v01@openssh.comrsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512-cert-v01@openssh.comrsa-sha2-512-cert-v01@openssh.com

Table G.8. All supported host-key and public key signature algorithms

Name in XMLName in GUIFIPS
ecdsa-sha2-nistp256ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.comecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.comecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.comecdsa-sha2-nistp521-cert-v01@openssh.com
rsa-sha2-256rsa-sha2-256
rsa-sha2-256-cert-v01@openssh.comrsa-sha2-256-cert-v01@openssh.com
rsa-sha2-512rsa-sha2-512
rsa-sha2-512-cert-v01@openssh.comrsa-sha2-512-cert-v01@openssh.com
ssh-dssssh-dss 
ssh-dss-cert-v01@openssh.comssh-dss-cert-v01@openssh.com 
ssh-dss-sha224@ssh.comssh-dss-sha224 (Tectia)
ssh-dss-sha256@ssh.comssh-dss-sha256 (Tectia)
ssh-dss-sha384@ssh.comssh-dss-sha384 (Tectia)
ssh-dss-sha512@ssh.comssh-dss-sha512 (Tectia)
ssh-ed25519ssh-ed25519
ssh-ed25519-cert-v01@openssh.comssh-ed25519-cert-v01@openssh.com
ssh-rsassh-rsa 
ssh-rsa-cert-v01@openssh.comssh-rsa-cert-v01@openssh.com 
ssh-rsa-sha224@ssh.comssh-rsa-sha224 (Tectia)
ssh-rsa-sha256@ssh.comssh-rsa-sha256 (Tectia)
ssh-rsa-sha384@ssh.comssh-rsa-sha384 (Tectia)
ssh-rsa-sha512@ssh.comssh-rsa-sha512 (Tectia)
x509v3-ecdsa-sha2-nistp256x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp521x509v3-ecdsa-sha2-nistp521
x509v3-rsa2048-sha256x509v3-rsa2048-sha256
x509v3-sign-dssx509v3-sign-dss 
x509v3-sign-dss-sha224@ssh.comx509v3-sign-dss-sha224 (Tectia)
x509v3-sign-dss-sha256@ssh.comx509v3-sign-dss-sha256 (Tectia)
x509v3-sign-dss-sha384@ssh.comx509v3-sign-dss-sha384 (Tectia)
x509v3-sign-dss-sha512@ssh.comx509v3-sign-dss-sha512 (Tectia)
x509v3-sign-rsax509v3-sign-rsa 
x509v3-sign-rsa-sha224@ssh.comx509v3-sign-rsa-sha224 (Tectia)
x509v3-sign-rsa-sha256@ssh.comx509v3-sign-rsa-sha256 (Tectia)
x509v3-sign-rsa-sha384@ssh.comx509v3-sign-rsa-sha384 (Tectia)
x509v3-sign-rsa-sha512@ssh.comx509v3-sign-rsa-sha512 (Tectia)
x509v3-ssh-dssx509v3-ssh-dss 
x509v3-ssh-rsax509v3-ssh-rsa