AbsoluteTelnet/ssh supports an extensive set of crypto algorithms to connect to just about ANY modern standard compliant SSH server. Through configuration, users are able to enable or disable individual algorithms or change their order of preference. Occasionally, older algorithms will be DEPRECATED and may be flagged as such in newer versions or removed from the software entirely.
DEFINITIONS: Supported Algorithms: All algorithms supported in AbsoluteTelnet/ssh code. NEW algorithms can only be added in newer versions of the software. See algorithm lists below. Deprecated Algorithms: Algorithms formally or informally discouraged from use, either by documented standard or general consensus. Only new versions of the software can move algorithms into this category. Disabled Algorithms: Algorithms that won’t be used during connection. Initially, all deprecated algorithms are also disabled, but as a user option, you can control which are disabled or enabled. As of Version 12.17, Absolute will recommend re-enabling a disabled algorithm but only when absolutely necessary for backward compatibility to older servers. Compatible Algorithms: Decided at connection time, the client and server decide which algorithms will be used. If a compatible set can’t be found, the connection terminates. Preferred Algorithms: Algorithm preference is determined by the ORDER in which they appear in their respective list. Generally, the more secure and faster algorithms are at the top of the list and slower, deprecated or disabled algorithms appear at the bottom. The lists here are the APPLICATION DEFAULT lists, though through configuration, lists can be re-ordered and individual algorithms can be disabled for any connection.
As of version 12.17, Absolute supports the following algorithms in each category.
NIST “Disallows” use of 3des after December 31, 2023. However, according to RFC4253, it is ‘REQUIRED’ so until it’s formally deprecated for SSH, we’ll lower it in preference order but leave it enabled. In practice, most servers now implement the more preferred AES.