General / How To

Which algorithms are supported for SFTP?

When publishing to an SFTP server, Cascade CMS supports the following algorithms:

KEX algorithms:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • ext-info-c
  • kex-strict-c-v00@openssh.com
  • diffie-hellman-group-exchange-sha1*
  • diffie-hellman-group1-sha1*
  • diffie-hellman-group14-sha1*
  • diffie-hellman-group-exchange-sha256*
  • ecdh-sha2-nistp256*
  • ecdh-sha2-nistp384*
  • ecdh-sha2-nistp521*

Host key algorithms:

  • ssh-ed25519
  • rsa-sha2-512
  • rsa-sha2-256
  • ssh-rsa**
  • ssh-dss**
  • ecdsa-sha2-nistp256*
  • ecdsa-sha2-nistp384*
  • ecdsa-sha2-nistp521*

Ciphers:

  • aes128-gcm@openssh.com
  • aes256-gcm@openssh.com
  • blowfish-cbc*
  • 3des-cbc*
  • aes128-cbc*
  • aes192-cbc*
  • aes256-cbc*
  • 3des-ctr*
  • aes128-ctr*
  • aes192-ctr*
  • aes256-ctc*
  • arcfour*
  • arcfour128*
  • arcfour256*

MACs:

  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1
  • hmac-md5*
  • hmac-md5-96*
  • hmac-sha1*
  • hmac-sha1-96*
Note: Items denoted with an asterisk (*) above are considered older/insecure algorithms and should only be used for backwards compatibility purposes. Wherever possible, we recommend disabling these on the target web server and instead utilizing the more secure algorithms.
Back to Top ↑

Related Links