SSH and RDP connections

SSH client check and change password algorithms

When Password Safe checks and changes passwords, it uses the below list of algorithms to connect and communicate.

Authentication Methods	Password, Public key, Keyboard interactive
Encryption Algorithms	AES, Triple DES, Blowfish, blowfish-ct, blowfish-cbc,
Encryption Modes	CBC, CTR
Host Key Algorithms	RSA, DSS, ecdsa-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ssh-ed25519
Key Exchange Algorithms	curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 (disabled by default), diffie-hellman-group-exchange-sha1 (disabled by default), diffie-hellman-group1-sha1 (disabled by default)
MAC Algorithms	MD5, SHA-1, SHA-2, HMAC-MD5, HMAC-MD5-96, HMAC-SHA1-96, [email protected], [email protected], [email protected]
Symmetric Key Algorithms	arcfour256, arcfour128, arcfour

The following algorithms are disabled by default:

diffie-hellman-group1-sha1	arcfour256	HMAC-SHA1-96
diffie-hellman-group-exchange-sha1	arcfour128	aes256-cbc
blowfish-ctr	arcfour	aes192-cbc
blowfish-cbc	HMAC-MD5	aes128-cbc
3des-cbc	HMAC-MD5-96

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshKeyExchangeAlgorithms (DWORD) = 1023
Enables all key exchange algorithms

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshEncryptionAlgorithms (DWORD) = 31 (Sets all encryption algorithms)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ MacAlgorithms (DWORD) = 15 (Sets all MAC algorithms)

ℹ️
These values are in decimal.

Weak RSA server host keys shorter than 1024 bits are rejected by default. Use the following registry key to change this setting:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshMinimumRsaKeySize (DWORD) = 1024 (Size of key in bits)