In SecureFTPConnection, the algorithms that the client presents to the server for negotiation can be specified if required. The server will have its own set of preferred algorithms configured, and the protocol chooses one of the algorithms supported by both client and server.
Two sets of algorithms can be specified - the preferred public key algorithms that control the type of the server supplied public key (see SSHPublicKeyAlgorithm); and the preferred cipher algorithms (see SSHCipherAlgorithm).
Note that SecureFTPConnection is already configured with all its available algorithms. The main reason for modifying them is to restrict the algorithms being used.
Public key algorithms
Either DSA or RSA or both can be set for the preferred public key algorithms for server authentication. If, for example, RSA is set, the server will present an RSA public key to the client (if the server supports RSA keys of course - some servers do not). The code below illustrates how to set RSA only:
ftpConnection.PreferredHostKeyAlgorithms = SSHPublicKeyAlgorithm.RSA;The default is both DSA and RSA enabled.
Cipher algorithms
The cipher algorithms are the symmetric algorithms used to perform the encryption of the SFTP data and commands. Currently, the available client cipher algorithms are triple DES, Blowfish and AES128. The code below illustrates how to set triple DES as the cipher algorithm:
ftpConnection.PreferredCipherAlgorithms = SSHCipherAlgorithm.TripleDES;The default is all three algorithms enabled.
The enum is used as a bitwise flag, so members of SSHCipherAlgorithm can be OR'd together to indicate more than one algorithm, as shown below:
ftpConnection.PreferredCipherAlgorithms = SSHCipherAlgorithm.TripleDES | SSHCipherAlgorithm.Blowfish;To reset to all algorithms, use the All value:
ftpConnection.PreferredCipherAlgorithms = SSHCipherAlgorithm.All;