EncryptionAlgorithms Parameter (Connect-SFTP Cmdlet)

A comma-separated list containing all allowable compression algorithms.


Connect-SFTP -EncryptionAlgorithms string


During the SSH handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports, so it is important to list multiple algorithms in preferential order. If no algorithm can be agreed upon, the cmdlet will raise an error and the connection will be aborted.

At least one support algorithm must appear in this list. The following encryption algorithms are supported by the cmdlet:

aes256-ctr256-bit AES encryption in CTR mode
aes256-cbc256-bit AES encryption in CBC mode
aes192-ctr192-bit AES encryption in CTR mode
aes192-cbc192-bit AES encryption in CBC mode
aes128-ctr128-bit AES encryption in CTR mode
aes128-cbc128-bit AES encryption in CBC mode
3des-ctr192-bit (3-key) triple DES encryption in CTR mode
3des-cbc192-bit (3-key) triple DES encryption in CBC mode
cast128-cbcCAST-128 encryption
blowfish-cbcBlowfish encryption
arcfourARC4 encryption
arcfour128128-bit ARC4 encryption
arcfour256256-bit ARC4 encryption
aes256-gcm@openssh.com256-bit AES encryption in GCM mode.
aes128-gcm@openssh.com128-bit AES encryption in GCM mode.

By default, "aes256-cbc", the only encryption algorithm recommended by the SSH specification, and "3des-cbc", the only algorithm required, are enabled. It is not recommended to enable "none", as this defeats the purpose of an SSH connection.

Default Value


Copyright (c) 2022 /n software inc. - All rights reserved.
NetCmdlets 2020 - Version 20.0 [Build 8165]