SSH encryption algorithms are core technologies that ensure SSH security, protecting the confidentiality and integrity of data transmission. SSH uses multiple encryption algorithms to meet different security requirements.
Encryption Algorithm Types
Symmetric Encryption Algorithms
Symmetric encryption uses the same key for encryption and decryption, suitable for encrypting large amounts of data transmission.
AES (Advanced Encryption Standard)
# AES-GCM mode (recommended) aes256-gcm@openssh.com aes128-gcm@openssh.com # AES-CTR mode aes256-ctr aes192-ctr aes128-ctr
Features:
- High performance with hardware acceleration support
- 128/256-bit key length
- GCM mode provides authenticated encryption
- Widely adopted and verified
ChaCha20-Poly1305
chacha20-poly1305@openssh.com
Features:
- Excellent performance on devices without hardware acceleration
- 256-bit key
- Built-in authenticated encryption
- Suitable for mobile devices and ARM architecture
3DES (Triple DES)
3des-cbc # Deprecated, not recommended
Features:
- Slower, lower security
- Only for backward compatibility
- Not recommended for production use
Asymmetric Encryption Algorithms
Asymmetric encryption uses public and private key pairs for authentication and key exchange.
RSA
ssh-rsa rsa-sha2-256 rsa-sha2-512
Features:
- Widely supported
- Key length: 2048/4096 bits
- Slower computation speed
- Suitable for signatures and key exchange
ECDSA (Elliptic Curve DSA)
ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
Features:
- Smaller key sizes
- Faster computation speed
- Based on elliptic curves
- NIST standard curves
Ed25519
ssh-ed25519
Features:
- Latest signature algorithm
- 256-bit key
- Extremely fast speed
- High security
- Recommended for use
Encryption Modes
CBC (Cipher Block Chaining)
aes256-cbc aes128-cbc
Features:
- Traditional encryption mode
- Requires padding
- Vulnerable to padding attacks
- Not recommended for new systems
CTR (Counter Mode)
aes256-ctr aes128-ctr
Features:
- Stream cipher mode
- No padding required
- Parallel encryption
- Better performance
GCM (Galois/Counter Mode)
aes256-gcm@openssh.com aes128-gcm@openssh.com
Features:
- Authenticated encryption mode
- Provides both encryption and integrity
- High performance
- Recommended for use
Configuring Encryption Algorithms
Server Configuration
# /etc/ssh/sshd_config # Recommended encryption algorithms Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr # Disable insecure algorithms Ciphers -3des-cbc,-aes128-cbc,-aes192-cbc,-aes256-cbc
Client Configuration
# ~/.ssh/config # Specify encryption algorithms Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com # Test connection ssh -c aes256-gcm@openssh.com user@hostname
Performance Comparison
| Algorithm | Encryption Speed | Decryption Speed | Security | Hardware Acceleration |
|---|---|---|---|---|
| AES-256-GCM | Fast | Fast | High | Yes |
| ChaCha20-Poly1305 | Fast | Fast | High | No |
| AES-256-CTR | Fast | Fast | Medium | Yes |
| AES-256-CBC | Medium | Medium | Medium | Yes |
| 3DES | Slow | Slow | Low | Yes |
Security Best Practices
1. Use Modern Algorithms
# Prioritize GCM mode Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
2. Disable Weak Algorithms
# Disable CBC mode and 3DES Ciphers -aes128-cbc,-aes192-cbc,-aes256-cbc,-3des-cbc
3. Regular Updates
# Check supported algorithms ssh -Q cipher # Test algorithm performance ssh -c aes256-gcm@openssh.com -o "Compression yes" user@hostname
4. Monitoring and Auditing
# View encryption algorithm used for connection ssh -v user@hostname 2>&1 | grep "cipher" # Check server algorithms using nmap nmap --script ssh2-enum-algos -p 22 hostname
Common Questions
Q: How to choose between AES-GCM and ChaCha20-Poly1305?
A: AES-GCM performs better on devices with hardware acceleration, while ChaCha20-Poly1305 is superior on devices without hardware acceleration.
Q: Why disable CBC mode?
A: CBC mode is vulnerable to padding oracle attacks.
Q: How to check encryption algorithms supported by server?
A: Use nmap --script ssh2-enum-algos -p 22 hostname or ssh -Q cipher.
Q: How is Ed25519 better than RSA?
A: Ed25519 provides better performance, smaller key sizes, and stronger security.
The choice of SSH encryption algorithms directly affects system security and performance, and proper configuration is an important part of ensuring SSH security.