What Ciphers, Key Exchange Algorithms and Message Authentication Code (MAC) Algorithms PAM's SSH Applet (Mindterm) supports?

book

Article ID: 103894

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

When we configure SSH server on target devices we may restrict to highly secure Ciphers, Key Exchange algorithms and Message Authentication Code (MAC) algorithms for SSH communication. If we wish these target devices to be accessible from PAM utilizing its SSH Applet (Mindterm) then we need to make sure there is matching Ciphers, Key Exchange algorithms and Message Authentication Code (MAC) algorithms, otherwise SSH communication won't be establish. This article lists supported Ciphers, Key Exchange and MAC algorithms by SSH Applet (Mindterm).
 

What Ciphers, Key Exchange algorithms, MAC algorithms does SSH Applet (Mindterm) support?

Environment

PAM version 2.8.3.x, 2.8.4.1, 3.0.x, 3.1.x, 3.2

Resolution

Here are the Ciphers, Key Exchange and MAC algorithms utilized by SSH Applet (Mindterm).

Version 2.8.3.x
Ciphers:
  aes128-ctr,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour

Key Exchange algorithms: 
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 2.8.4.1
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,[email protected]

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.0.x
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,[email protected]

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.1.x
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,[email protected]

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Version 3.2
Ciphers:
  aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-ctr,blowfish-cbc,aes192-cbc,aes256-cbc,3des-ctr,3des-cbc,arcfour,[email protected]

Key Exchange algorithms:
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

MAC algorithms:
  hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96