Editing SSH configuration options


SSH gateway provides full flexibility for configuring the SSH protocol, including compression, ciphers, key exchange and more.

This article gives an overview of what settings are available and where to find them.


1. NIC binding and port

Log on to the web UI as admin, then navigate to System->Interfaces->SSH. Click the Edit button next to the Default SSH interface.


The first section is Standard. The Interfaces tab is where you tell the service which network interfaces to listen on, as well as the port to use for SSH. Note that if no interfaces are included this is equivalent to, or all interfaces.


The Protocol tab is where you can select which host keys you want to use for server identification (these keys are set up in Configuration->Host Keys).


2. Algorithms

Click on the Algorithms section. The first tab allows you to set the Compression options (from a choice of none and/or zlib) for Client->Server and Server->Client as well as the Compression Level. You can also alter the preferred order of compression using the up and down arrows.


The Ciphers tab allows you to select which ciphers you want to use and set the preferred order again, from a choice of:

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • 3des-ctr


The Macs tab gives you all the hashing algorithm options. Choose from:

  • hmac-sha256
  • hmac-sha512
  • hmac-sha2-256
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96




The Key Exchange tab can be used to alter either the Diffie-Hellman or elliptic curve key exchange options. The choices here are:

  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521


You can also alter settings to restart the key exchange after a defined number of packets, or by transfer limit.
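
To confirm that the server offers only what was selected on the Ciphers, Macs and Key Exchange tabs, its SSH_MSG_KEXINIT message can be decoded and compared against a policy. The following is an added example, not part of the product or its documentation; the REVIEW set, the function names and the sample payload are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = (  # the ten name-lists, in wire order
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)
# Example review policy (an assumption of this sketch, not vendor guidance).
REVIEW = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96",
          "diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"}

def parse_kexinit(payload: bytes) -> dict:
    """Decode an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, offer = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[pos:pos + n].decode("ascii")
        offer[field] = raw.split(",") if raw else []
        pos += n
    return offer

def flag_for_review(offer: dict) -> dict:
    """Offered names that match REVIEW, per field, in server preference order."""
    hits = {f: [a for a in names if a in REVIEW] for f, names in offer.items()}
    return {f: a for f, a in hits.items() if a}

def build_sample_kexinit() -> bytes:
    """Constructed sample offer using names from the lists above."""
    lists = [
        "ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
        "ssh-rsa", "aes256-ctr,aes128-ctr", "aes256-ctr,aes128-ctr",
        "hmac-sha2-256,hmac-md5", "hmac-sha2-256,hmac-md5",
        "none,zlib", "none,zlib", "", "",
    ]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    print(flag_for_review(parse_kexinit(build_sample_kexinit())))
```

The payload is the content of the first binary packet the server sends after its version banner, with the packet length, padding length and padding removed.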



3. Connection

Click on the Connection section.
The Connection tab can be used to alter the idle timeout, keep-alives and packet length.


The Authentication tab is where you can set the banner message displayed to users, as well as the maximum authentication attempts.


4. Services

Lastly, the Services tab has settings relating to SFTP/SCP as well as Packet Forwarding options.
