EncryptionAlgorithms Parameter (Invoke-SSH Cmdlet)
A comma-separated list containing all allowable compression algorithms.
Invoke-SSH -EncryptionAlgorithms string
During the SSH handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports, so it is important to list multiple algorithms in preferential order. If no algorithm can be agreed upon, the cmdlet will raise an error and the connection will be aborted.
At least one support algorithm must appear in this list. The following encryption algorithms are supported by the cmdlet:
|aes256-ctr||256-bit AES encryption in CTR mode|
|aes256-cbc||256-bit AES encryption in CBC mode|
|aes192-ctr||192-bit AES encryption in CTR mode|
|aes192-cbc||192-bit AES encryption in CBC mode|
|aes128-ctr||128-bit AES encryption in CTR mode|
|aes128-cbc||128-bit AES encryption in CBC mode|
|3des-ctr||192-bit (3-key) triple DES encryption in CTR mode|
|3des-cbc||192-bit (3-key) triple DES encryption in CBC mode|
|arcfour128||128-bit ARC4 encryption|
|arcfour256||256-bit ARC4 encryption|
|email@example.com||256-bit AES encryption in GCM mode.|
|firstname.lastname@example.org||128-bit AES encryption in GCM mode.|
By default, "aes256-cbc", the only encryption algorithm recommended by the SSH specification, and "3des-cbc", the only algorithm required, are enabled. It is not recommended to enable "none", as this defeats the purpose of an SSH connection.