Supported SSH Capabilities  Supported SSH Capabilities

Supported SSH Capabilities

Eugene Oskin Eugene Oskin

SSH is a protocol for creating encrypted network connections on insecure networks, such as the Internet. It's a secure replacement for Telnet. When you log in to an SSH server, all credentials are transmitted securely, including your password and private SSH key.

SSH works over TCP, which means that if the network connection is interrupted, the session may be lost – that's where Mosh comes in handy.

Below is a comprehensive list of SSH capabilities that are currently supported and that will be added soon.

Key exchange methods

  • curve25519-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

Host key types

  • ssh-rsa
  • ssh-dss
  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • rsa-sha2-256 sign-only
  • rsa-sha2-512 sign-only
  • hmac-ripemd160


  • aes128-ctr
  • aes128-cbc
  • aes192-ctr
  • aes192-cbc
  • aes256-ctr
  • aes256-cbc
  • 3des-cbc
  • blowfish-cbc
  • arcfour
  • arcfour128
  • cast128-cbc

MAC hashes

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-ripemd160

Authentication methods

  • Password
  • Public key
  • Keyboard-Interactive
  • Two-Factor Authentication
  • Certificate

Key formats

  • PEM
  • OpenSSH*
  • PPK

* As of now, except those keys encrypted with the GCM algorithms

Key types

  • RSA
  • DSA in PEM format*
  • ECDSA (curves 256, 384 521)
  • ed25519
  • ed25519-sk
  • ecdsa-sk
  • PuTTY-ed25519

*DSA keys that are in the OpenSSH format are not supported.

Please, submit a feature request, if you'd like DSA keys in the OpenSSH format to be supported.


  • HTTP
  • SOCKS5
  • SOCKS4, supported by the mobile apps only

Mosh (Mobile Shell)

Mosh is a companion protocol to SSH that maintains sessions when TCP is interrupted. It employs a parallel UDP session which can keep the session alive if TCP breaks. That also enables Mosh to maintain its own terminal buffer that intelligently echoes your input, even if the server is slow or the network lags. No more waiting patiently on slow connections to see what you typed.

The enhancements provided by Mosh are really important to reliable mobile connectivity. If your device changes networks or loses connection, Mosh can keep your session alive until your connection is re-established.

The Mosh service is distinct from SSH, and must be installed and configured separately on your host system. Once the service is up and running, you’re free to roam with Termius — just enable Mosh in your host entry, and connect.

Termius uses its own library for Mosh compatibility.

Termius is compatible with Mosh 1.3.0 and newer versions.

Add comment

Please sign in to leave a comment.