Which host key algorithms are supported in Titan SFTP Server?
Reasoning
As an admin, I would like to know which host key algorithms are supported so we can communicate this to our end users and ensure they can establish a secure connection with Titan SFTP Server.
Answer
In Titan SFTP Server, we support a variety of different host key algorithms, but it is important to understand that the algorithms available depend on the host key type applied to the server.
Supported Host Key Algorithm Chart:
|
|
|
|
|
ssh-rsa (SHA-1)
rsa-sha2-256 (RSA with SHA-256)
rsa-sha2-512 (RSA with SHA-512)
|
|
|
ecdsa-sha2-nistp256 (ECDSA over the P-256 curve)
ecdsa-sha2-nistp384(ECDSA over the P-384 curve)
ecdsa-sha2-nistp521 (ECDSA over the P-521 curve)
|
|
|
ssh-ed25519 (edDSA over Curve25519)
|
|
|
ssh-dss (DSA with SHA-1, deprecated)
|
|
|
|
Explanation of Key Types:
|
|
RSA (Rivest–Shamir–Adleman): Common and widely supported, but SHA-1-based ssh-rsa is deprecated due to security concerns.
|
|
ECDSA (Elliptic Curve Digital Signature Algorithm): Preferred for higher security with shorter key lengths.
|
|
ED25519 (Edwards-Curve Digital Signature Algorithm): Newer, more efficient algorithm based on elliptic curves.
|
|
DSA (Digital Signature Algorithm): Deprecated and no longer recommended due to security vulnerabilities and performance issues.
|
|
|
|
|
Notes:
- EDDSA is not in the list of server host keys but it is supported and can be created using PuttyGen or any other 3rd party software and imported into Titan for use as your SSH/SFTP server host key.
- The key type selected determines the available host key algorithms.
- ECDSA and ED25519 are preferred for their performance and security.
- RSA is still widely supported but stronger hashing algorithms (rsa-sha2-256 and rsa-sha2-512) are recommended for modern security.
| |