Please note we have updated our SSH client starting with Unimus 2.2.3. The table below applies to version 2.2.3 or newer.
Unimus contains its own built-in SSH client. Please note when running on Linux, configuration of your OpenSSH client ("~/.ssh") is NOT applied to Unimus' SSH client.
Currently the Unimus SSH client supports the following cryptography for outbound device connections:
Supported KEX:
curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 |
Supported ciphers:
3des-cbc, 3des-ctr, aes128-cbc, aes128-ctr, aes128-gcm@openssh.com, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, aes256-gcm@openssh.com, blowfish-cbc |
Supported MAC:
hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha1-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com |
Supported DH size:
DH min: 1024 DH max: 8192 |
In some environments, you might have requirements on which SSH crypto algos you can use. In this case, you can adjust which algorithms Unimus accepts when connecting to a server.
You can set configuration options in the service config files to achieve this.
On Linux these are located in:
On Windows:
The options you can set are:
-Dunimus.core.ssh.kex=kex1,kex2,kex3,kex4,...kexX -Dunimus.core.ssh.cipher=cipher1,cipher2,cipher3,cipher4,...cipherX -Dunimus.core.ssh.mac=mac1,mac2,mac3,mac4,...macX -Dunimus.core.ssh.dh-min=1024 -Dunimus.core.ssh.dh-preferred=2048 -Dunimus.core.ssh.dh-max=8192 |
For details on supported SSH keys and key formats, please see this article:
SSH key types and formats