What Ciphers, Key Exchange Algorithms and Message Authentication Code (MAC) Algorithms PAM's SSH Applet (Mindterm) supports?

Document ID : KB000103894
Last Modified Date : 07/08/2018
Show Technical Document Details
Introduction:
When we configure SSH server on target devices we may restrict to highly secure Ciphers, Key Exchange algorithms and Message Authentication Code (MAC) algorithms for SSH communication. If we wish these target devices to be accessible from PAM utilizing its SSH Applet (Mindterm) then we need to make sure there is matching Ciphers, Key Exchange algorithms and Message Authentication Code (MAC) algorithms, otherwise SSH communication won't be establish. This article lists supported Ciphers, Key Exchange and MAC algorithms by SSH Applet (Mindterm).
 
Question:
What Ciphers, Key Exchange algorithms, MAC algorithms does SSH Applet (Mindterm) support?
Environment:
PAM version 2.8.3.x, 2.8.4.1, 3.0.x, 3.1.x, 3.2
Answer:
Here are the Ciphers, Key Exchange and MAC algorithms utilized by SSH Applet (Mindterm).

Version 2.8.3.x
Ciphers:
  aes128-ctr,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour

Key Exchange algorithms: 
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 2.8.4.1
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,rijndael-cbc@lysator.liu.se

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.0.x
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,rijndael-cbc@lysator.liu.se

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.1.x
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,rijndael-cbc@lysator.liu.se

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.2
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,rijndael-cbc@lysator.liu.se

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,hmac-sha256-2@ssh.com,hmac-sha256@ssh.com,hmac-sha512@ssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96