
KEX and Host Key Algorithms in SSH


What are KEX and Host Key Algorithms?


Overview: This article explains KEX and host key algorithms and guides Linux users on how to view and modify the algorithms used for SSH connections between a client and a server.


KEX: Short for Key Exchange. The KEX algorithm is the method the client and server use to agree on a shared secret over the untrusted network; the session's encryption and integrity keys are derived from that secret. Examples are the legacy 'diffie-hellman-group-exchange-sha1' and the elliptic-curve 'ecdh-sha2-nistp521' or 'curve25519-sha256'.

Server host key algorithm (sometimes labelled "public key"): the signature algorithm used with the server's host key pair. The server signs the key exchange with its private host key and the client verifies that signature with the public key it has stored in known_hosts; this is what authenticates the server to the client and prevents a man-in-the-middle from substituting its own key exchange. Examples are 'ssh-rsa' (an RSA key signing with SHA-1, now deprecated), 'rsa-sha2-512' (the same RSA key signing with SHA-512) and the elliptic-curve 'ecdsa-sha2-nistp521'.

1. How to find the KEX (Key Exchange) and Host Key Algorithms in SSH?

Step 1(A): SSH from one Linux machine (the client) to another (the server) in verbose mode to see the negotiation in detail. The debug output is written to stderr, so redirect it with 2>&1 if you want to pipe it to grep.

[root@linux_client ~]# ssh -vvv username@linux_server_IP

Step 1(B): The KEX and host key algorithms negotiated for the session are reported in the debug1 level lines, so a single -v is enough to see them. Example:

debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256

2. How to change the KEX and host key algorithms on the server machine (the machine you are connecting to from the client)?

Step 2(A): Edit the sshd_config file on the server machine and add the following lines to restrict the algorithms sshd will offer, using the KexAlgorithms and HostKeyAlgorithms keywords. Each keyword takes a comma-separated list; a single entry, as below, pins exactly one algorithm. HostKeyAlgorithms only names signature algorithms, so the server must also have a matching host key loaded (rsa-sha2-512 signs with the RSA host key, normally /etc/ssh/ssh_host_rsa_key). Before pinning, confirm that every client that needs to connect supports the chosen algorithms (see section 3); a client that does not will fail with "no matching key exchange method found" or "no matching host key type found".

[root@linux_server ~]# vim /etc/ssh/sshd_config

KexAlgorithms diffie-hellman-group16-sha512
HostKeyAlgorithms rsa-sha2-512

Step 2(B): Check the edited file for syntax errors with `sshd -t` (it prints nothing on success), then restart the SSHD service to apply the change. Keep your current session open and test the new settings from a second terminal, so that a mistake in the algorithm list does not lock you out.

[root@linux_server ~]# systemctl restart sshd

Step 2(C): SSH from the client machine to the server again in verbose mode; the debug output now shows the pinned algorithms.

[root@linux_client ~]# ssh -vvv username@linux_server_IP

debug1: kex: algorithm: diffie-hellman-group16-sha512
debug1: kex: host key algorithm: rsa-sha2-512

3. How to view the list of KEX and host key algorithms supported on the Linux server?

Step 3(A): Run the command below to list the key types supported by the OpenSSH build installed on the server. Note that `ssh -Q` reports what the binaries were built with, not what the running sshd is configured to offer; use `sshd -T` to dump the effective sshd_config. Note also that `ssh -Q key` lists key types only: rsa-sha2-512, which signs with an RSA key, is accepted by HostKeyAlgorithms even though it does not appear in this list (recent OpenSSH releases add `ssh -Q key-sig` for the full list of signature algorithms).

[root@linux_server ~]# ssh -Q key

ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

Step 3(B): Run the command below to list the KEX algorithms supported by the build. Being listed does not mean an algorithm is safe to use: the SHA-1 based methods and the 1024-bit diffie-hellman-group1-sha1 below are obsolete and are disabled by default or removed in newer OpenSSH releases. Prefer curve25519-sha256 or the group16/group18 methods when pinning.

[root@linux_server ~]# ssh -Q kex

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
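
As an added example (not part of the original article, and not OpenSSH's own code), the following shell helpers tie sections 1 to 3 together: extract_negotiated pulls the negotiated KEX and host key algorithm out of `ssh -vvv` output, and unsupported_algs checks a candidate KexAlgorithms or HostKeyAlgorithms value, written exactly as it would be in sshd_config, against the list the local OpenSSH build reports through `ssh -Q`, so you can find out whether pinning an algorithm would lock a client out before you restart sshd. The function names, the KEX and HOSTKEY variables and the sample debug lines in demo_extract are the example's own constructed input; the `ssh -Q key-sig` query only exists in recent OpenSSH releases, so the live check falls back to `ssh -Q key` where it is unavailable.

```shell
#!/usr/bin/env bash
# Added example: helpers for auditing SSH KEX / host key algorithm choices.
# Not part of the original article; all names below are the example's own.

# extract_negotiated: read `ssh -vvv` output on stdin and print the KEX and
# host key algorithm that were actually negotiated, as kex=... and hostkey=...
# ssh writes its debug output to stderr, so call it as:
#   ssh -vvv user@host true 2>&1 | extract_negotiated
extract_negotiated() {
    awk '
        /^debug1: kex: algorithm: /          { print "kex=" $4 }
        /^debug1: kex: host key algorithm: / { print "hostkey=" $6 }
    '
}

# unsupported_algs WANTED: WANTED is a comma-separated algorithm list exactly
# as it would be written in sshd_config (a leading +, - or ^ modifier is
# stripped). The supported list, e.g. the output of `ssh -Q kex`, is read
# from stdin. Every wanted algorithm that is not supported is printed, and
# the exit status is 1 if at least one is missing, 0 otherwise.
unsupported_algs() {
    local wanted supported missing alg
    wanted=${1#[+^-]}
    supported=$(cat)
    missing=0
    for alg in $(printf '%s\n' "$wanted" | tr ',' ' '); do
        # -x: whole-line match, so "ssh-rsa" does not match "ssh-rsa-cert-v01@openssh.com"
        if ! printf '%s\n' "$supported" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
            missing=1
        fi
    done
    return "$missing"
}

# demo_extract: constructed debug lines standing in for real `ssh -vvv` output.
demo_extract() {
    printf '%s\n' \
        'debug1: kex: algorithm: diffie-hellman-group16-sha512' \
        'debug1: kex: host key algorithm: rsa-sha2-512' \
        'debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none' \
        | extract_negotiated
}

# The values you intend to pin in sshd_config (the ones used in section 2).
KEX='diffie-hellman-group16-sha512'
HOSTKEY='rsa-sha2-512'

# Live check against the local OpenSSH build, skipped when ssh is not installed.
# `ssh -Q key` lists key types only; `ssh -Q key-sig` (newer releases) also
# lists signature algorithms such as rsa-sha2-512, so it is tried first.
if command -v ssh >/dev/null 2>&1; then
    ssh -Q kex | unsupported_algs "$KEX" \
        || echo "KEX algorithm(s) above are not supported by this ssh build" >&2
    { ssh -Q key-sig 2>/dev/null || ssh -Q key; } | unsupported_algs "$HOSTKEY" \
        || echo "host key algorithm(s) above are not supported by this ssh build" >&2
fi

demo_extract
```

Run the check on each client that must keep connecting, not only on the server: the intersection of what the server is configured to offer and what the client build supports is what the session will use, and an empty intersection is exactly the lock-out the caveat in section 2 warns about.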


Related Articles:

DSA key based authentication is not working

signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

signature algorithm ssh-dss not in PubkeyAcceptedAlgorithms