Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: expand SSH algorithm list for compatibility with modern OpenSSH …#32

Merged
bvisible merged 1 commit into
bvisible:mainfrom
YoungHong1992:fix/update-ssh-algorithms
May 16, 2026
Merged

fix: expand SSH algorithm list for compatibility with modern OpenSSH …#32
bvisible merged 1 commit into
bvisible:mainfrom
YoungHong1992:fix/update-ssh-algorithms

Conversation

@YoungHong1992

Copy link
Copy Markdown
Contributor

The hardcoded algorithm list was missing modern algorithms used by
OpenSSH 9.x servers (Debian 12, Ubuntu 24.04):

  • KEX: add curve25519-sha256 and diffie-hellman-group15/16-sha512
  • ServerHostKey: add rsa-sha2-512 and rsa-sha2-256 (RFC 8332)
  • Cipher: add @openssh.com GCM variants
  • HMAC: add encrypt-then-mac (@openssh.com ETM) variants

Legacy algorithms (diffie-hellman-group14-sha1, ssh-rsa, CBC ciphers)
are preserved at lower preference for backward compatibility with older
SSH servers.

…servers

The hardcoded algorithm list was missing modern algorithms used by
OpenSSH 9.x servers (Debian 12, Ubuntu 24.04):

- KEX: add curve25519-sha256 and diffie-hellman-group15/16-sha512;
  remove diffie-hellman-group14-sha1 from primary preference
- ServerHostKey: add rsa-sha2-512 and rsa-sha2-256 (RFC 8332)
- Cipher: add @openssh.com GCM variants and chacha20-poly1305
- HMAC: add encrypt-then-mac (@openssh.com ETM) variants

Legacy algorithms (diffie-hellman-group14-sha1, ssh-rsa, CBC ciphers)
are preserved at lower preference for backward compatibility with
older SSH servers.
@bvisible bvisible merged commit 63c5783 into bvisible:main May 16, 2026
@bvisible

Copy link
Copy Markdown
Owner

Thanks @YoungHong1992 for the contribution! Merged via --admin since the CI runs were never triggered on this PR (first-time contributor approval gate on forks).

I reviewed the diff carefully before merging:

Targeted change — only touches the algorithm list in src/ssh-manager.js:46-51, which is the single source of truth (no duplication in index.js or session-manager.js).

Backward-compatible — all legacy algorithms (diffie-hellman-group14-sha1, ssh-rsa, CBC ciphers, sha1 HMACs) are preserved at lower preference. Existing connections to older servers keep working.

Addresses a real problem — OpenSSH 9.x on Debian 12 / Ubuntu 24.04 removed many legacy algorithms from its default offer. Without your additions (curve25519-sha256, rsa-sha2-512/256 per RFC 8332, GCM @openssh.com variants, ETM HMACs), the ssh2 lib fails handshake on modern stock servers.

Properly ordered — modern algorithms first (preferred), legacy last (fallback). This matches OpenSSH's own preference ordering.

This will ship in the next release. Thanks again for the well-scoped, well-documented fix! 🙏

bvisible added a commit that referenced this pull request May 16, 2026
Modern OpenSSH 9.x compatibility — handshake against Debian 12 /
Ubuntu 24.04 stock servers (#32, @YoungHong1992).

- KEX: curve25519-sha256, dh-group15/16-sha512
- HostKey: rsa-sha2-512/256 (RFC 8332)
- Cipher: GCM @openssh.com variants
- HMAC: ETM @openssh.com variants

Legacy algorithms preserved at lower preference — fully
backward-compatible with older servers (CentOS 7, Debian 10, AIX).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants