Page tree
Skip to end of metadata
Go to start of metadata

Please note we have updated our SSH client starting with Unimus 2.2.3. The table below applies to version 2.2.3 or newer.

Default Unimus cryptography configuration

Unimus contains its own built-in SSH client. Please note when running on Linux, configuration of your OpenSSH client ("~/.ssh") is NOT applied to Unimus' SSH client.
Currently the Unimus SSH client supports the following cryptography for outbound device connections:

Supported KEX:

curve25519-sha256,, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256,
diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group1-sha1,
diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256,
ecdh-sha2-nistp384, ecdh-sha2-nistp521

Supported ciphers:

3des-cbc, 3des-ctr, aes128-cbc, aes128-ctr,, aes192-cbc, aes192-ctr,
aes256-cbc, aes256-ctr,, blowfish-cbc

Supported MAC:

hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96,, hmac-sha2-256,, hmac-sha2-512,

Supported DH size:

DH min: 1024
DH max: 8192

Adjusting supported crypto algorithms

In some environments, you might have requirements on which SSH crypto algos you can use. In this case, you can adjust which algorithms Unimus accepts when connecting to a server.

You can set configuration options in the service config files to achieve this.

On Linux these are located in:

  • "/etc/default/unimus" for Unimus Server
  • "/etc/default/unimus-core" for Unimus Core

On Windows:

  • "C:\Program Files\Unimus\Unimus.l4j.ini" for Unimus Server
  • "C:\Program Files\Unimus Core\Unimus Core.l4j.ini" for Unimus Core

The options you can set are:

  • No labels