mwiede / jsch

fork of the popular jsch library

List of ciphers, kex, DH, .... #575

Closed Paradisebaker closed 2 weeks ago

Paradisebaker commented 2 weeks ago

Tried to find a complete list of all supported ciphers & co that can be used in JSCH. Reason is, some newer devices return negotiation errors. My suspicion is that I need to change the order / adjust the usage of some ciphers or kex or mac. Here is the current config that the software uses:

jsch 5 4
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,3des-ctr,aes128-ctr,aes192-ctr,aes256-ctc,arcfour,arcfour128,arcfour256
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96

In one instance I would need aes256-gcm or aes-256-ctr as cipher, in another case hmac-sha2-256-etm@openssh.com.

So, if I knew which ones are supported and the naming, then I would be able to adjust my config.

Thanks for any help.

mwiede commented 2 weeks ago

I.e., you can look it up in the code. For example, this is the default for kex: https://github.com/mwiede/jsch/blob/a6bb519128456d5a776cd1feff77faa32bf793b6/src/main/java/com/jcraft/jsch/JSch.java#L42

But it does not list all supported ones, because some are considered insecure. All supported ones have an entry in the config map. It also depends on which Java version you use and/or whether you have bouncycastle on the classpath.

Paradisebaker commented 2 weeks ago

Thank you, that was exactly what I was looking for.

cjdhein commented 2 weeks ago

@mwiede if that default is being overridden, is the "jsch.kex" system property on that line the only place it would be getting an alternative value from? Or are there other locations it could be overridden from?

mwiede commented 2 weeks ago

@cjdhein There is the alternative of using the ~/.ssh/config file using OpenSSHConfig, as described in the wiki section https://github.com/mwiede/jsch/wiki/Jsch-Configuration#connecting-to-a-legacy-server
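The config-map lookup described in this thread, as an added example that is not part of the original discussion or the project's code: it prints the library defaults for a few proposal keys and reports which names in a wanted list have no entry in JSch's config map, which catches misspelled or unsupported algorithm names before a negotiation fails. The class name, the `unknownNames` helper and the sample lists are assumptions made for illustration; the mwiede/jsch jar must be on the classpath.

```java
import com.jcraft.jsch.JSch;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper class, not part of JSch.
public class JschAlgorithmCheck {

    // Returns the names in a comma-separated proposal that have no entry in
    // JSch's static config map, i.e. names this JSch build does not know.
    static List<String> unknownNames(String proposal) {
        List<String> unknown = new ArrayList<>();
        for (String name : proposal.split(",")) {
            name = name.trim();
            if (!name.isEmpty() && JSch.getConfig(name) == null) {
                unknown.add(name);
            }
        }
        return unknown;
    }

    public static void main(String[] args) {
        // Constructed sample proposals, keyed by the JSch config key they
        // would be set under. The cipher list reuses spellings from the thread.
        Map<String, String> wanted = new LinkedHashMap<>();
        wanted.put("kex", "ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256");
        wanted.put("cipher.c2s", "aes256-ctr,aes-256-ctr,aes256-ctc");
        wanted.put("mac.c2s", "hmac-sha2-256-etm@openssh.com,hmac-sha1");

        for (Map.Entry<String, String> e : wanted.entrySet()) {
            System.out.println(e.getKey());
            // Default proposal list shipped with the library for this key.
            System.out.println("  library default : " + JSch.getConfig(e.getKey()));
            // Names that cannot be negotiated because no implementation is mapped.
            System.out.println("  no config entry : " + unknownNames(e.getValue()));
        }
    }
}
```

An entry in the config map only shows that JSch knows the name; as noted in the thread, whether the algorithm is usable at runtime still depends on the Java version and on whether bouncycastle is on the classpath.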