Skip to content

SSH configuration

SSH is the main service of ContainerSSH. It has the following configuration structure:

ssh:
  <options>

The options are as follows:

Name Type Description
listen string IP and port pair to bind the SSH service to. Defaults to 0.0.0.0:2222
serverVersion string Server version string presented to any connecting client. Must start with SSH-2.0-. Defaults to SSH-2.0-ContainerSSH.
ciphers []string List of ciphers the server should support. See the Ciphers section below.
kex []string List of key exchange algorithms the server should support. See the Key exchange section below.
macs []string List of MAC algorithms the server should support. See the MAC section below.
banner []string The banner text to presented to any connecting client.
hostkeys []string List of host keys in PEM format, or file names to read the key from. Generate with openssl genrsa

Configuring the server version

The SSH server version is presented to any connecting client in plain text upon connection. It has the following format:

SSH-2.0-softwareversion <SP> comments

The softwareversion can only contain printable US-ASCII characters without whitespace and minus (-) signs. The comments field is optional and is separated from the softwareversion with a single space. The maximum length of the version string is 255 characters.

Configuring a banner

SSH offers the ability to output a message to the clients before they enter passwords. This can be configured in the banner option. The banner can contain multiple lines.

Ciphers

ContainerSSH supports the following ciphers. The defaults are configured based on Mozilla Modern suite.

Algorithm Default
chacha20-poly1305@openssh.com
aes256-gcm@openssh.com
aes128-gcm@openssh.com
aes256-ctr
aes192-ctr
aes128-ctr
aes128-cbc
arcfour256
arcfour128
arcfour
tripledescbcID

Key exchange

ContainerSSH supports the following key exchange algorithms. The defaults are configured based on Mozilla Modern suite.

Algorithm Default
curve25519-sha256@libssh.org
ecdh-sha2-nistp521
ecdh-sha2-nistp384
ecdh-sha2-nistp256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

MAC

ContainerSSH supports the following MAC algorithms. The defaults are configured based on Mozilla Modern suite.

Algorithm Default
hmac-sha2-256-etm@openssh.com
hmac-sha2-256
hmac-sha1
hmac-sha1-96