How can I find a list of MACs, Ciphers, and KexAlgorithms that my openssh client supports?
Relevant OpenSSH man page: https://man.openbsd.org/ssh#Q
Ciphers
:ssh -Q cipher
MACs
:ssh -Q mac
KexAlgorithms
:ssh -Q kex
PubkeyAcceptedKeyTypes
:ssh -Q key
You can also remotely probe a ssh server for its supported ciphers with recent nmap versions:
nmap --script ssh2-enum-algos -sV -p <port> <host>
And there is an online service called sshcheck.com
as well (and a pretty large number of similar scanner projects as I just found out).
Just a quick tip that if you want to compare 2 servers you can use @eckes method like this:
$ sdiff -bW <(nmap --script ssh2-enum-algos -sV -p 22 192.168.1.107) <(nmap --script ssh2-enum-algos -sV -p 22 192.168.1.10)
Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-22 22:35 ES Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-22 22:35 ES
Nmap scan report for skinner.bubba.net (192.168.1.107) | Nmap scan report for mulder.bubba.net (192.168.1.10)
Host is up (0.0037s latency). | Host is up (0.0031s latency).
PORT STATE SERVICE VERSION PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0) | 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh2-enum-algos: | ssh2-enum-algos:
| kex_algorithms: (3) | | kex_algorithms: (4)
> | diffie-hellman-group-exchange-sha256
| diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1 | diffie-hellman-group1-sha1
| server_host_key_algorithms: (2) | server_host_key_algorithms: (2)
| ssh-rsa | ssh-rsa
| ssh-dss | ssh-dss
| encryption_algorithms: (13) | encryption_algorithms: (13)
| aes128-ctr | aes128-ctr
| aes192-ctr | aes192-ctr
| aes256-ctr | aes256-ctr
| arcfour256 | arcfour256
| arcfour128 | arcfour128
| aes128-cbc | aes128-cbc
| 3des-cbc | 3des-cbc
| blowfish-cbc | blowfish-cbc
| cast128-cbc | cast128-cbc
| aes192-cbc | aes192-cbc
| aes256-cbc | aes256-cbc
| arcfour | arcfour
| [email protected] | [email protected]
| mac_algorithms: (6) | | mac_algorithms: (9)
| hmac-md5 | hmac-md5
| hmac-sha1 | hmac-sha1
> | [email protected]
> | hmac-sha2-256
> | hmac-sha2-512
| hmac-ripemd160 | hmac-ripemd160
| [email protected] | [email protected]
| hmac-sha1-96 | hmac-sha1-96
| hmac-md5-96 | hmac-md5-96
| compression_algorithms: (2) | compression_algorithms: (2)
| none | none
|_ [email protected] |_ [email protected]
Service detection performed. Please report any incorrect resu Service detection performed. Please report any incorrect resu
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds | Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
In the above I'm showing a side-by-side diff of a CentOS 5.x and 6.x server.
$ ssh [email protected] cat /etc/redhat-release
CentOS release 5.11 (Final)
$ ssh [email protected] cat /etc/redhat-release
CentOS release 6.8 (Final)
The output shows you that you have 4 additional lines in the CentOS 6.x server vs. 5.x.
Reading the output
There's 1 additional kex_algorithm:
- diffie-hellman-group-exchange-sha256
3 additional mac_algorithms:
- [email protected]
- hmac-sha2-256
- hmac-sha2-512