Community
Participate
Working Groups
Pardon me if this is the wrong product/component, but I have no idea who contributes org.eclipse.jsch.ui. At the moment, Eclipse selects by default some really old (i.e., broken) cryptography on its General > Network Connections > SSH2 preference page. For "MAC methods" it selects (in this order) [X] hmac-md5 [X] hmac-sha1 [X] hmac-sha2-256 [X] hmac-sha1-96 [X] hmac-md5-96 For "Key Exchange Methods" it selects (in this order) [X] diffie-hellman-group1-sha1 [X] diffie-hellman-group14-sha1 [X] diffie-hellman-group-exchange-sha1 [X] diffie-hellman-group-exchange-sha256 I am by no means an expert on cryptography, but maybe we should just follow pre-existing guidelines. Bettercrypto.org's Applied Crypto Hardening [1] suggests (in Section 2.2.1) some selection/ordering of options (not all available in Jsch) for the OpenSSH "MACs" and "KexAlgorithms" we could follow: [X] hmac-sha2-256 [ ] hmac-sha1 [ ] hmac-sha1-96 [ ] hmac-md5 [ ] hmac-md5-96 and [X] diffie-hellman-group-exchange-sha256 [X] diffie-hellman-group14-sha1 [X] diffie-hellman-group-exchange-sha1 [ ] diffie-hellman-group1-sha1 [1] <https://bettercrypto.org/static/applied-crypto-hardening.pdf>