SSH and RDP connections
SSH client check and change password algorithms
When Password Safe checks and changes passwords, it uses the below list of algorithms to connect and communicate.
| Authentication Methods | Password, Public key, Keyboard interactive |
|---|---|
| Encryption Algorithms | AES, Triple DES, Blowfish, blowfish-ct, blowfish-cbc, |
| Encryption Modes | CBC, CTR |
| Host Key Algorithms | RSA, DSS, ecdsa-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, ssh-ed25519 |
| Key Exchange Algorithms | curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 (disabled by default), diffie-hellman-group-exchange-sha1 (disabled by default), diffie-hellman-group1-sha1 (disabled by default) |
| MAC Algorithms | MD5, SHA-1, SHA-2, HMAC-MD5, HMAC-MD5-96, HMAC-SHA1-96 |
| Symmetric Key Algorithms | arcfour256, arcfour128, arcfour |
The following algorithms are disabled by default
| diffie-hellman-group1-sha1 | arcfour256 | HMAC-SHA1-96 |
|---|---|---|
| diffie-hellman-group-exchange-sha1 | arcfour128 | aes256-cbc |
| blowfish-ctr | arcfour | aes192-cbc |
| blowfish-cbc | HMAC-MD5 | aes128-cbc |
| 3des-cbc | HMAC-MD5-96 |
Use the following registry keys to turn on the algorithms
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshKeyExchangeAlgorithms (DWORD) = 1023 (enables all key exchange)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshEncryptionAlgorithms (DWORD) = 31 (sets all encryption algorithms)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ MacAlgorithms (DWORD) = 15 (sets all MAC algorithms)
Note
These values are in decimal.
Weak RSA server host keys shorter than 1024 bits are rejected by default. Use the following registry key to change this setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\RetinaCS\ SshMinimumRsaKeySize (DWORD) = 1024 (size of key and bits)
Updated 6 days ago