The key exchange (KEX) algorithm(s) used for key exchange can be selected
in the sshd2_config
file. Multiple KEXs can be specified as
a comma-separated list.
KEXs diffie-hellman-group14-sha1,diffie-hellman-group14-sha224@ssh.com
The system will attempt to use the different KEX algorithms in the sequence they are specified on the line. The supported KEX algorithms are the following:
diffie-hellman-group14-sha1 | diffie-hellman-group16-sha384@ssh.com |
diffie-hellman-group1-sha1 | diffie-hellman-group16-sha512@ssh.com |
diffie-hellman-group14-sha224@ssh.com | diffie-hellman-group18-sha512@ssh.com |
diffie-hellman-group14-sha256@ssh.com | ecdh-sha2-nistp256 |
diffie-hellman-group15-sha256@ssh.com | ecdh-sha2-nistp384 |
diffie-hellman-group15-sha384@ssh.com | ecdh-sha2-nistp521 |
Special values for this option are the following:
The default KEX algorithms are:
ecdh-sha2-nistp521
,
ecdh-sha2-nistp384
,
ecdh-sha2-nistp256
,
diffie-hellman-group14-sha1
,
diffie-hellman-group14-sha256@ssh.com
.