Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Building `libssh2` for Windows (Win32/Win64) is a lot harder than I hoped for

Steps for now (I'm not happy at all on how to get rid of VCRUNTIME140.DLL):

  1. Install Visual Studio 2015 community edition from https://www.visualstudio.com/en-us/downloads/download-visual-studio-vs.aspx (as of writing: http://download.microsoft.com/download/D/2/3/D23F4D0F-BA2D-4600-8725-6CCECEA05196/vs_community_ENU.exe or http://download.microsoft.com/download/b/e/d/bedddfc4-55f4-4748-90a8-ffe38a40e89f/vs2015.3.com_enu.iso )
  2. Download CMake via https://cmake.org/download/ back then https://cmake.org/files/v3.6/cmake-3.6.2-win64-x64.msi
  3. Install and ensure to add CMake to the PATH for all users:

https://www.dropbox.com/s/ss5xke97iy4yyka/Screenshot%202016-09-13%2009.36.54.png?raw=1

  1. Run this script on a new command-line:

    git clone https://github.com/libssh2/libssh2.git
    pushd libssh2
    
    :: Try to force Static libraries (so VCRUNTIME140.DLL is not needed; hopefully this links libvcruntime.lib instead of vcruntime.lib)
    pushd cmake
    > c_flag_overrides.cmake type NUL
    >> c_flag_overrides.cmake echo    if(MSVC)
    >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
    >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
    >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
    >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
    >> c_flag_overrides.cmake echo    endif()
    
    > cxx_flag_overrides.cmake type NUL
    >> cxx_flag_overrides.cmake echo    if(MSVC)
    >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
    >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
    >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
    >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
    >> cxx_flag_overrides.cmake echo    endif()
    
    > MSVCC_static_linking.cmake type NUL
    >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE
    >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/c_flag_overrides.cmake)
    >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE_CXX
    >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/cxx_flag_overrides.cmake)
    
    >> max_warnings.cmake echo include(MSVCC_static_linking)
    popd
    
    :: the above trick with C*_FLAGS* doesn't work so go the PowerShell way of globally replacing the generated VC++ project files
    :: http://stackoverflow.com/questions/251557/escape-angle-brackets-in-a-windows-command-prompt
    > fix-vcxproj-files.ps1 type NUL
    >> fix-vcxproj-files.ps1 echo  $projectFiles = Get-ChildItem . *.vcxproj -Recurse
    >> fix-vcxproj-files.ps1 echo  foreach ($projectFile in $projectFiles) {
    >> fix-vcxproj-files.ps1 echo      (Get-Content $projectFile.PSPath).
    >> fix-vcxproj-files.ps1 echo        Replace('^<UseOfMfc^>false^</UseOfMfc^>', '^<UseOfMfc^>Static^</UseOfMfc^>').
    >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDebugDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreadedDebug^</RuntimeLibrary^>').
    >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreaded^</RuntimeLibrary^>') ^|
    >> fix-vcxproj-files.ps1 echo      Set-Content $projectFile.PSPath
    >> fix-vcxproj-files.ps1 echo  }
    
    mkdir buildWin64
    pushd buildWin64
    :: Generate build for MSVS 2015
    ::cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
    cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
    powershell -file ..\fix-vcxproj-files.ps1
    :: this fails bitching about v100 not being there:
    :: cmake --build . --config "Visual Studio 14 Win64"
    :: this just works:
    set Platform=
    call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
    call msbuild libssh2.sln /p:Configuration=Release /p:Platform=x64
    dumpbin /headers example\Release\libssh2.dll | find "machine"
    dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
    tdump64 example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
    popd
    
    mkdir buildWin32
    pushd buildWin32
    :: Generate build for MSVS 2015
    :: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
    cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
    powershell -file ..\fix-vcxproj-files.ps1
    set Platform=
    call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\vcvars32.bat"
    call msbuild libssh2.sln /p:Configuration=Release /p:Platform=Win32
    dumpbin /headers example\Release\libssh2.dll | find "machine"
    dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
    tdump example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
    popd
    
    popd
    

The above trick will create a libssh2.dll that is statically linked with libvcruntime.lib instead of vcruntime.lib which means you do not need to have VCRUNTIME140.DLL or VCRUNTIME140D.DLL on your system.

:: future: need x86 and x64 of zlib. only useful if you have very well compressible data.
:: git clone https://github.com/madler/zlib.git
:: prereqs are the full (not light!) Win32 and Win64 OpenSSL versions at http://slproweb.com/products/Win32OpenSSL.html
:: download both and install them (with `Copy the OpenSSL DLLs to:` option set to `The OpenSSL binaries (/bin) directory`) into:
:: - C:\OpenSSL-Win32
:: - C:\OpenSSL-Win64
::
:: Downloads at time of writing:
:: - http://slproweb.com/download/Win32OpenSSL-1_0_2j.exe
:: - http://slproweb.com/download/Win64OpenSSL-1_0_2j.exe
:: without OpenSSL, you will see these in the build logs and your sshlib2.dll will have limited algorithms:
::-- Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing: OPENSSL_LIBRARIES) (found version "1.0.2h")
::-- Could NOT find Libgcrypt (missing: LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)
:: Possibly no need for the environment variables as when installed, OpenSSL is detected automagically:
::-- Found OpenSSL: optimized;C:/OpenSSL-Win64/lib/ssleay32.lib;debug;C:/OpenSSL-Win64/lib/VC/ssleay32MDd.lib;optimized;C:/OpenSSL-Win64/lib/libeay32.lib;debug;C:/OpenSSL-Win64/lib/VC/libeay32MDd.lib (found version "1.0.2j")
::-- Found OpenSSL: optimized;C:/OpenSSL-Win32/lib/ssleay32.lib;debug;C:/OpenSSL-Win32/lib/VC/ssleay32MDd.lib;optimized;C:/OpenSSL-Win32/lib/libeay32.lib;debug;C:/OpenSSL-Win32/lib/VC/libeay32MDd.lib (found version "1.0.2j")
:: Although if we want static linking, we need the MTd and MT directories from OpenSSL
:: despite a few days of work, this batch file still procudes a libssh2.dll that depends on the OpenSSL DLLs
:: none of the tries to make stuff statically link the .lib files seem to work, though the VCRUNTIME140.DLL dependency is now gone.
:: cmake options: https://github.com/libssh2/libssh2/blob/master/docs/INSTALL_CMAKE
:: -D"ENABLE_ZLIB_COMPRESSION=ON" requires ZLIB_LIBRARY to be defined
:: -D"CRYPTO_BACKEND=WinCNG" leaves out some ciphers (aes128-ctr, aes256-ctr, aes192-ctr) and MAC algorithms (hmac-ripemd160, hmac-ripemd160@openssh.com)
:: so you really don't want WinCNG
:: -D"CRYPTO_BACKEND=OpenSSL" needs LIBEAY*.DLL but includes more ciphers (aes128-ctr, aes256-ctr, aes192-ctr) and MAC algorithms (hmac-ripemd160, hmac-ripemd160@openssh.com)
:: could not find out how to use Libgcrypt or mbedTLS as the libssh2 build instructions are very limited
:: -D"BUILD_SHARED_LIBS=OFF" creates a .LIB; -D"BUILD_SHARED_LIBS=1" creates a .DLL
:: -D"BUILD_TESTING=OFF"
:: -D"BUILD_EXAMPLES=OFF"
:: WinCNG support https://stackoverflow.com/questions/31550993/git-ssh-in-visual-studio-2015/37010403#37010403
:: since we need environment variables
setlocal
:: these require / slashes in the path names, not \ backslashes
:: simple reason: unix based build tools do not like Windows based path delimiters.
set OpenSSLWin32Directory=C:/OpenSSL-Win32
set OpenSSLWin64Directory=C:/OpenSSL-Win64
if not exist libssh2\nul goto :libssh2NotYetExists
:: * Win9x and others doesn't like ``EXISTS libssh2'' so change it to ``EXISTS libssh2\nul''.
echo Directory libssh2 already exists; bailing out.
goto :end
:libssh2NotYetExists
if exist %OpenSSLWin32Directory%\nul goto :haveOpenSSLWin32
echo Directory %OpenSSLWin32Directory% does not exist; bailing out.
goto :end
:haveOpenSSLWin32
if exist %OpenSSLWin64Directory%\nul goto :haveOpenSSLWin64
echo Directory %OpenSSLWin64Directory% does not exist; bailing out.
goto :end
:haveOpenSSLWin64
:: https://github.com/TrinityCore/TrinityCore/issues/9355#issuecomment-14487233
:: In Cmake GUI, click "Advanced", find "OPENSSL_INCLUDE_DIR" and change it to C:/OpenSSL-WinXX/include.
:: Find "OPENSSL_ROOT_DIR" and change it to C:/OpenSSL-WinXX".
set Win32OPENSSL_ROOT_DIR=%OpenSSLWin32Directory%
set Win32OPENSSL_INCLUDE_DIR=%Win32OPENSSL_ROOT_DIR%/include
set Win32OPENSSL_LIBRARIES=%Win32OPENSSL_ROOT_DIR%/lib/VC/static
set Win64OPENSSL_ROOT_DIR=%OpenSSLWin64Directory%
set Win64OPENSSL_INCLUDE_DIR=%Win64OPENSSL_ROOT_DIR%/include
set Win64OPENSSL_LIBRARIES=%Win64OPENSSL_ROOT_DIR%/lib/VC/static
:: maybe extra variables are needed:
:: - https://cmake.org/cmake/help/v3.0/module/FindOpenSSL.html
:: - http://stackoverflow.com/questions/16248775/cmake-not-able-to-find-openssl/27506352#27506352
:main
:: based on https://gist.github.com/jpluimers/2bf514d658488a7ddfc189b0677a3a57
git clone https://github.com/libssh2/libssh2.git
if exist libssh2\nul goto :haveLibssh2
echo libssh2 does not exist; bailing out.
goto :end
:haveLibssh2
pushd libssh2
:: Try to force Static libraries (so VCRUNTIME140.DLL is not needed; hopefully this links libvcruntime.lib instead of vcruntime.lib)
pushd cmake
> c_flag_overrides.cmake type NUL
>> c_flag_overrides.cmake echo if(MSVC)
>> c_flag_overrides.cmake echo set(CMAKE_C_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
>> c_flag_overrides.cmake echo set(CMAKE_C_FLAGS_MINSIZEREL_INIT "/MT /O1 /Ob1 /D NDEBUG")
>> c_flag_overrides.cmake echo set(CMAKE_C_FLAGS_RELEASE_INIT "/MT /O2 /Ob2 /D NDEBUG")
>> c_flag_overrides.cmake echo set(CMAKE_C_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
>> c_flag_overrides.cmake echo endif()
> cxx_flag_overrides.cmake type NUL
>> cxx_flag_overrides.cmake echo if(MSVC)
>> cxx_flag_overrides.cmake echo set(CMAKE_CXX_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
>> cxx_flag_overrides.cmake echo set(CMAKE_CXX_FLAGS_MINSIZEREL_INIT "/MT /O1 /Ob1 /D NDEBUG")
>> cxx_flag_overrides.cmake echo set(CMAKE_CXX_FLAGS_RELEASE_INIT "/MT /O2 /Ob2 /D NDEBUG")
>> cxx_flag_overrides.cmake echo set(CMAKE_CXX_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
>> cxx_flag_overrides.cmake echo endif()
> MSVCC_static_linking.cmake type NUL
>> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE
>> MSVCC_static_linking.cmake echo ${CMAKE_CURRENT_SOURCE_DIR}/cmake/c_flag_overrides.cmake)
>> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE_CXX
>> MSVCC_static_linking.cmake echo ${CMAKE_CURRENT_SOURCE_DIR}/cmake/cxx_flag_overrides.cmake)
>> max_warnings.cmake echo include(MSVCC_static_linking)
popd
:: the above trick with C*_FLAGS* doesn't work so go the PowerShell way of globally replacing the generated VC++ project files
:: http://stackoverflow.com/questions/251557/escape-angle-brackets-in-a-windows-command-prompt
> fix-vcxproj-files.ps1 type NUL
>> fix-vcxproj-files.ps1 echo $projectFiles = Get-ChildItem . *.vcxproj -Recurse
>> fix-vcxproj-files.ps1 echo foreach ($projectFile in $projectFiles) {
>> fix-vcxproj-files.ps1 echo (Get-Content $projectFile.PSPath).
>> fix-vcxproj-files.ps1 echo Replace('^<UseOfMfc^>false^</UseOfMfc^>', '^<UseOfMfc^>Static^</UseOfMfc^>').
>> fix-vcxproj-files.ps1 echo Replace('^<RuntimeLibrary^>MultiThreadedDebugDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreadedDebug^</RuntimeLibrary^>').
>> fix-vcxproj-files.ps1 echo Replace('^<RuntimeLibrary^>MultiThreadedDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreaded^</RuntimeLibrary^>') ^|
>> fix-vcxproj-files.ps1 echo Set-Content $projectFile.PSPath
>> fix-vcxproj-files.ps1 echo }
:: maybe OPENSSL_MSVC_STATIC_RT works beter: try this in the future, maybe combined with OPENSSL_USE_STATIC_LIBS. See https://cmake.org/cmake/help/v3.5/module/FindOpenSSL.html
mkdir buildWin64
pushd buildWin64
:: set OPENSSL_ROOT_DIR=%Win64OPENSSL_ROOT_DIR%
:: set OPENSSL_INCLUDE_DIR=%Win64OPENSSL_INCLUDE_DIR%
:: set OPENSSL_LIBRARIES=%Win64OPENSSL_LIBRARIES%
:: Generate build for MSVS 2015
::cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
:: cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
:: with OpenSSL DLL:
:: cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL"
cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_USE_STATIC_LIBS=TRUE" -D"OPENSSL_MSVC_STATIC_RT=TRUE"
:: cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_ROOT_DIR=%OPENSSL_ROOT_DIR%" -D"OPENSSL_LIBRARIES=%OPENSSL_LIBRARIES%"
:: cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=WinCNG"
:: needs to be after the above cmake as that one generates the vcxproj files
powershell -file ..\fix-vcxproj-files.ps1
:: this fails bitching about v100 not being there:
:: cmake --build . --config "Visual Studio 14 Win64"
:: this just works:
set Platform=
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
call msbuild libssh2.sln /p:Configuration=Release /p:Platform=x64
:: to find out various build aspects (like imports from VCRUNTIME140 and oher DLLs)
dumpbin /headers example\Release\libssh2.dll | find "machine"
dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
tdump64 example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
popd
mkdir buildWin32
pushd buildWin32
:: set OPENSSL_ROOT_DIR=%Win32OPENSSL_ROOT_DIR%
:: set OPENSSL_INCLUDE_DIR=%Win32OPENSSL_INCLUDE_DIR%
:: set OPENSSL_LIBRARIES=%Win32OPENSSL_LIBRARIES%
:: Generate build for MSVS 2015
:: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
:: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
:: with OpenSSL DLL:
:: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL"
cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_USE_STATIC_LIBS=TRUE" -D"OPENSSL_MSVC_STATIC_RT=TRUE"
:: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_ROOT_DIR=%OPENSSL_ROOT_DIR%" -D"OPENSSL_LIBRARIES=%OPENSSL_LIBRARIES%"
:: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=WinCNG"
:: needs to be after the above cmake as that one generates the vcxproj files
powershell -file ..\fix-vcxproj-files.ps1
set Platform=
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\vcvars32.bat"
call msbuild libssh2.sln /p:Configuration=Release /p:Platform=Win32
:: to find out various build aspects (like imports from VCRUNTIME140 and oher DLLs)
dumpbin /headers example\Release\libssh2.dll | find "machine"
dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
tdump example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
popd
popd
:end
endlocal
############################################################################
Summary of testing libssh2 client against opensuse Tumbleweed openssh server
############################################################################
- Server side opensuse Tumbleweed with sshd OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
- default mode (no modifications in /etc/ssh/sshd_config)
- secure mode (applying https://github.com/comotion/gone/blob/github/modules/ssh)
- Client side Windowx 86 with x86 libssh2 dll versions
- libssh2_1.2.6
- libssh2_1.7.0_DEV (without OpenSSL means WinCNG)
- libssh2_1.8.1_DEV (without OpenSSL means WinCNG; with OpenSSL has more ciphers/MACs but requires extra DLLs)
Summary:
- plain libssh2_1.7.0_DEV and libssh2_1.8.1_DEV won't connect to default/secure sshd as there is no matching cipher (so key exchange is working)
- libssh2_1.2.6 only connects to default as secure has too few ciphers
- secure sshd with added ``aes256-cbc`` might work for the plain libssh2 DLLs, but there are aes-cbc attacks since 2008: http://www.kb.cert.org/vuls/id/958563
- libssh2_1.8.1_DEV with OpenSSL connects fine
https://www.libssh2.org/
Capabilities and Features
- Key Exchange Methods: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256
- Hostkey Types: ssh-rsa, ssh-dss
- Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, arcfour128, none
- Compression Schemes: zlib, zlib@openssh.com, none
- MAC hashes: hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160 (hmac-ripemd160@openssh.com), none
- Authentication: none, password, public-key, hostbased, keyboard-interactive
- Channels: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem
- Global Requests: tcpip-forward
- Channel Requests: x11, pty, exit-signal, keepalive@openssh.com
- Subsystems: sftp(version 3), publickey(version 2)
- SFTP: statvfs@openssh.com, fstatvfs@openssh.com
- Thread-safe: just don't share handles simultaneously
- Non-blocking: it can be used both blocking and non-blocking
- Your sockets: the app hands over the socket, calls select() etc.
- Crypto backends: OpenSSL, libgcrypt, mbedTLS or WinCNG (native since Windows Vista): builds with either
(table made with http://table-editor.com)
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| category/comment | sshd secure | sshd default | secure to libssh2_1.2.6 | secure to libssh2_1.7.0_DEV | default to libssh2_1.2.6 | default to libssh2_1.7.0_DEV | ** https://www.libssh2.org/ ** | libssh2_1.8.1_DEV WinCNG | libssh2_1.8.1_DEV OpenSSL 1.0.2.j |
+=====================================================+======================================+======================================+=========================================+============================================================================================+==========================================================================================================================+============================================================================================+=============================================+==========================================+===================================================================================================+
| ``kex_algorithms`` | | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | curve25519-sha256@libssh.org | curve25519-sha256@libssh.org | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | ecdh-sha2-nistp256 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | ecdh-sha2-nistp384 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | ecdh-sha2-nistp521 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | diffie-hellman-group-exchange-sha256 | diffie-hellman-group-exchange-sha256 | | **diffie-hellman-group-exchange-sha256** | | **diffie-hellman-group-exchange-sha256** | diffie-hellman-group-exchange-sha256 | **diffie-hellman-group-exchange-sha256** | **diffie-hellman-group-exchange-sha256** |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (libssh2) | | | | diffie-hellman-group-exchange-sha1 | | diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha1 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 | **diffie-hellman-group14-sha1** | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (libssh2) | | | diffie-hellman-group-exchange-sha1 | | diffie-hellman-group-exchange-sha1 | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``server_host_key_algorithms`` | | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | ssh-rsa | ssh-rsa | **ssh-rsa** | **ssh-rsa** | **ssh-rsa** | **ssh-rsa** | ssh-rsa | **ssh-rsa** | **ssh-rsa** |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | rsa-sha2-512 | rsa-sha2-512 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | rsa-sha2-256 | rsa-sha2-256 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | ssh-dss | ssh-dss | ssh-dss | ssh-dss | ssh-dss | ssh-dss | ssh-dss | ssh-dss | ssh-dss |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | ecdsa-sha2-nistp256 | ecdsa-sha2-nistp256 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | ssh-ed25519 | ssh-ed25519 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``encryption_algorithms`` (``ciphers``) | | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | chacha20-poly1305@openssh.com | chacha20-poly1305@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | aes256-ctr | aes128-ctr | aes128-ctr | | aes128-ctr | | aes128-ctr | | aes128-ctr |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | aes192-ctr | aes192-ctr | aes192-ctr | | aes192-ctr | | aes192-ctr | | aes192-ctr |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | aes128-ctr | aes256-ctr | aes256-ctr | | aes256-ctr | | aes256-ctr | | aes256-ctr |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | aes128-gcm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | aes256-gcm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | aes256-cbc | aes256-cbc | aes256-cbc | aes256-cbc | aes256-cbc (rijndael-cbc@lysator.liu.se) | aes256-cbc | aes256-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se | rijndael-cbc@lysator.liu.se |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | aes192-cbc | aes192-cbc | aes192-cbc | aes192-cbc | aes192-cbc | aes192-cbc | aes192-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | aes128-cbc | aes128-cbc | aes128-cbc | aes128-cbc | aes128-cbc | aes128-cbc | aes128-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | blowfish-cbc | | blowfish-cbc | | blowfish-cbc | | blowfish-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | arcfour128 | arcfour128 | arcfour128 | arcfour128 | arcfour128 | arcfour128 | arcfour128 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | arcfour | arcfour | arcfour | arcfour | arcfour | arcfour | arcfour |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | cast128-cbc | | cast128-cbc | | cast128-cbc | | cast128-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | 3des-cbc | 3des-cbc | 3des-cbc | 3des-cbc | 3des-cbc | 3des-cbc | 3des-cbc |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | | | | | none | | none |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``mac_algorithms`` | | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | umac-64-etm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | | umac-128-etm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | hmac-sha2-512-etm@openssh.com | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | hmac-sha2-256-etm@openssh.com | hmac-sha2-256-etm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | | hmac-sha2-512-etm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | hmac-ripemd160-etm@openssh.com | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | hmac-sha1-etm@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (server/client) | | | | hmac-sha2-256 | | hmac-sha2-256 | hmac-sha2-256 | hmac-sha2-256 | hmac-sha2-256 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (server/client) | | | | hmac-sha2-512 | | hmac-sha2-512 | hmac-sha2-512 | hmac-sha2-512 | hmac-sha2-512 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | hmac-sha1 | hmac-sha1 | hmac-sha1 | hmac-sha1 | hmac-sha1 | hmac-sha1 | hmac-sha1 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | hmac-sha1-96 | hmac-sha1-96 | hmac-sha1-96 | hmac-sha1-96 | hmac-sha1-96 | hmac-sha1-96 | hmac-sha1-96 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | umac-128-etm@openssh.com | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | umac-64@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | | umac-128@openssh.com | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | hmac-sha2-512 | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | hmac-sha2-256 | hmac-sha2-256 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | | hmac-sha2-512 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | hmac-md5 | hmac-md5 | hmac-md5 | hmac-md5 | hmac-md5 | hmac-md5 | hmac-md5 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | hmac-md5-96 | hmac-md5-96 | hmac-md5-96 | hmac-md5-96 | hmac-md5-96 | hmac-md5-96 | hmac-md5-96 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | hmac-ripemd160 | | hmac-ripemd160 | | hmac-ripemd160 | | hmac-ripemd160 (hmac-ripemd160@openssh.com) | | hmac-ripemd160 |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| --> note different order (secure/default) | umac-128@openssh.com | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | hmac-sha1 | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | hmac-ripemd160@openssh.com | | hmac-ripemd160@openssh.com | | hmac-ripemd160@openssh.com | | hmac-ripemd160@openssh.com |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | | | | | none | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``compression_algorithms`` | | | | | | | | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | none | none | | | | | none | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | zlib@openssh.com | zlib@openssh.com | | | | | zlib@openssh.com | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| | | | | | | | zlib | | |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- | ---- |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
| **VERDICT** | | | *no matching key exchange method found* | *no matching cipher found*; kex: **diffie-hellman-group-exchange-sha256** with **ssh-rsa** | cipher: **aes128-ctr**; MAC: **hmac-sha1**; compression: **none**; kex: **diffie-hellman-group14-sha1** with **ssh-rsa** | *no matching cipher found*; kex **diffie-hellman-group-exchange-sha256** with: **ssh-rsa** | | | kex: **diffie-hellman-group14-sha1** with **ssh-rsa**; cipher: **aes128-ctr**; MAC: **hmac-sha1** |
+-----------------------------------------------------+--------------------------------------+--------------------------------------+-----------------------------------------+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+---------------------------------------------+------------------------------------------+---------------------------------------------------------------------------------------------------+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.