0

Is it possible to get the cipher name from a .ppk file? For example, a name like TLS-CHACHA20-POLY1305-SHA256 or ECDHE-ECDSA-AES256-GCM-SHA384.

Edit: Based on the responses in answers and comments, it seems I posted an invalid query here. Apologies, I am a newbie so was not aware of the concepts.

404
  • You are confusing a large binary number that is stored in the PPK and the software which implements algorithms that use the number. The PPK does not contain algorithms. Those are implemented in software. The number can be used with algorithms that do not even exist today. – John Hanley Dec 20 '21 at 23:38

2 Answers

1

A PPK file is a key file. There is no cipher like the one you've specified inside it - specifically since you specified TLS ciphers which are different from SSH ciphers. So there is no such cipher to get from the PPK file.

Steffen Ullrich
  • Thanks Steffen. So which file would contain cipher details? To add context, we are to check the below "To ensure that connections to *.concursolutions.com and * api.concursolutions.com are not disrupted, clients and partners who connect to *.concursolutions.com and * api.concursolutions.com through an application that uses an unsupported cipher must update the application to a supported cipher ". We are connecting using SFTP – 404 Dec 20 '21 at 15:58
  • @404: Ciphers are negotiated, i.e. there is no fixed cipher. Assuming that you are using Putty (hence PPK files) see [here](https://documentation.help/PuTTY/config-ssh-encryption.html) on how the ciphers are configured. Note though that the kind of ciphers you mention in the question are TLS ciphers (i.e. for HTTPS in browsers), not SSH/SFTP ciphers. – Steffen Ullrich Dec 20 '21 at 16:35
  • @SteffenUllrich I suspect that these cypher names (TLS-CHACHA20-POLY1305-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) correspond to chacha20-poly1305@openssh.com and aes256-gcm@openssh.com. – AlexD Dec 20 '21 at 18:08
  • @AlexD: SSH distinguishes between Ciphers (symmetric encryption), Key Exchange Algorithms and Key Algorithms. TLS packs everything together into a cipher string (TLS 1.3 moved key algorithms out of the cipher string). So for me it is not really clear what the OP is asking. My current guess is that somebody gave the OP TLS related instructions with the order to make sure that everything is configured securely and now the OP is trying to apply this to SSH/SFTP w/o having any idea that these are actually different things. – Steffen Ullrich Dec 20 '21 at 18:18
1

According to the following PPK format description you can find SSH algorithm encoded as a string with key algorithm-name and the key encryption algorithm as a string encryption-type.

AlexD
  • Thanks AlexD, yes but it only shows ssh-rsa and not the Cipher name – 404 Dec 20 '21 at 16:05
  • I suspect that you are talking about connection cyphers. They are negotiated when a connection is established between an SSH client and an SSH server. They are independent of the key encryption. – AlexD Dec 20 '21 at 16:11
  • Sorry, I am a newbie here. So when we connect to SFTP via SSH certificate, the cipher is not involved? We have one SFTP server where we connect via Public Key/Private key handshake, and essentially we are asked to check this - "To ensure that connections to *.concursolutions.com and * api.concursolutions.com are not disrupted, clients and partners who connect to *.concursolutions.com and * api.concursolutions.com through an application that uses an unsupported cipher must update the application to a supported cipher" – 404 Dec 20 '21 at 16:15
  • When you connect to an SFTP server SSH keys are used for authentication and cyphers are used for encryption. You just need to make sure that you are using an up to date client to connect to your SFTP server and that this client supports at least some cyphers supported by the server. You probably want to open another question with the details of your client software and SFTP server software. – AlexD Dec 20 '21 at 16:20
  • Thanks, can you update this as an answer so that I can mark it as an answer? – 404 Dec 20 '21 at 16:25
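
Added example (not part of any answer above, and not PuTTY's own code): a small Python reader for the header fields of a .ppk file, showing that the file names only the key algorithm and the encryption protecting the key file itself, never a connection cipher. The function names and the sample file, including its placeholder blobs, salt and MAC, are constructed for illustration.

```python
# Constructed sample in PPK version 3 layout; the base64 blobs, salt and MAC
# are placeholders, not real key material.
SAMPLE_PPK = """\
PuTTY-User-Key-File-3: ssh-rsa
Encryption: aes256-cbc
Comment: constructed-sample-key
Public-Lines: 2
Q09OU1RSVUNURUQ=
Q09OU1RSVUNURUQ=
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 13
Argon2-Parallelism: 1
Argon2-Salt: 00112233445566778899aabbccddeeff
Private-Lines: 1
Q09OU1RSVUNURUQ=
Private-MAC: 0000000000000000000000000000000000000000000000000000000000000000
"""

def parse_ppk_headers(text):
    """Return the 'Name: value' header fields of a PPK file, skipping key blobs."""
    lines = text.splitlines()
    fields = {}
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line.strip():
            continue
        name, sep, value = line.partition(": ")
        if not sep:
            raise ValueError(f"not a 'Name: value' header: {line!r}")
        if name.startswith("PuTTY-User-Key-File-"):
            fields["format-version"] = int(name.rsplit("-", 1)[1])
            fields["key-algorithm"] = value      # e.g. ssh-rsa, ssh-ed25519
        elif name.endswith("-Lines"):
            fields[name] = int(value)
            i += int(value)                      # skip that many base64 lines
        else:
            fields[name] = value
    if "key-algorithm" not in fields:
        raise ValueError("missing PuTTY-User-Key-File header")
    return fields

def summarize(fields):
    """Report what the key file records: key type and at-rest protection."""
    enc = fields.get("Encryption", "none")
    return {"key_algorithm": fields["key-algorithm"],
            "key_file_encryption": enc,
            "passphrase_protected": enc != "none"}
```

The `Encryption` field describes how the private key is protected on disk with the passphrase; the ciphers used on the wire are negotiated per connection and have to be checked in the client's configuration or its connection log.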