Supported SSH Capabilities  Supported SSH Capabilities

Supported SSH Capabilities

Dmitry Machulo Dmitry Machulo

SSH is a protocol for creating encrypted network connections on insecure networks, such as the Internet. It's a secure replacement for Telnet. When you log in to an SSH server, all credentials are transmitted securely, including your password and private SSH key.

SSH works over TCP, which means that if the network connection is interrupted, the session may be lost – that's where Mosh comes in handy.

Below is a comprehensive list of which SSH capabilities are currently supported and which will be added soon.

Key exchange methods

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

Host key types

  • ssh-rsa
  • ssh-dss
  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • rsa-sha2-256 sign-only
  • rsa-sha2-512 sign-only
  • hmac-ripemd160
  • hmac-ripemd160@openssh.com
  • (Coming soon) ssh-rsa-cert-v01@openssh.com
  • (Coming soon) ssh-dss-cert-v01@openssh.com
  • (Coming soon) ssh-ecdsa-sha2-nistp256-cert-v01@openssh.com
  • (Coming soon) ssh-ecdsa-sha2-nistp384-cert-v01@openssh.com
  • (Coming soon) ssh-ecdsa-sha2-nistp521-cert-v01@openssh.com
  • (Coming soon) ssh-ed25519-cert-v01@openssh.com

Ciphers

  • chacha20-poly1305@openssh.com
  • aes128-ctr
  • aes128-cbc
  • aes192-ctr
  • aes192-cbc
  • aes256-ctr
  • aes256-cbc
  • rijndael-cbc@lysator.liu.se
  • 3des-cbc
  • blowfish-cbc
  • arcfour
  • arcfour128
  • cast128-cbc
  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com

MAC hashes

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-ripemd160
  • umac-64@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-128-etm@openssh.com
  • hmac-sha1-etm@openssh.com
  • hmac-sha1-96-etm@openssh.com
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • hmac-md5-etm@openssh.com
  • hmac-md5-96-etm@openssh.com

Authentication methods

  • Password
  • Public key
  • Keyboard-Interactive
  • Two-Factor Authentication
  • (Coming soon) certificate

Key formats

  • PEM
  • OpenSSH*
  • PPK

* As of now, except those keys encrypted with the GCM algorithms

Key types

  • RSA
  • DSA in PEM format*
  • ECDSA (curves 256, 384 521)
  • ed25519
  • ed25519-sk
  • ecdsa-sk
  • PuTTY-DSA
  • PuTTY-RSA
  • PuTTY-ECDSA
  • PuTTY-ed25519

*DSA keys that are in the OpenSSH format are not supported.

Please, submit a feature request, if you'd like DSA keys in the OpenSSH format to be supported.

Proxy

  • HTTP
  • SOCKS5
  • SOCKS4, supported by the mobile apps only

Mosh (Mobile Shell)

Mosh is a companion protocol to SSH that maintains sessions when TCP is interrupted. It employs a parallel UDP session which can keep the session alive if TCP breaks. That also enables Mosh to maintain its own terminal buffer that intelligently echoes your input, even if the server is slow or the network lags. No more waiting patiently on slow connections to see what you typed.

The enhancements provided by Mosh are really important to reliable mobile connectivity. If your device changes networks or loses connection, Mosh can keep your session alive until your connection is re-established.

The Mosh service is distinct from SSH, and must be installed and configured separately on your host system. Once the service is up and running, you’re free to roam with Termius — just enable Mosh in your host entry, and connect.

Termius uses its own library for Mosh compatibility.

Termius is compatible with Mosh 1.3.0 and newer versions.

Was this article helpful?

5 out of 9 found this helpful

Add comment

Please sign in to leave a comment.