Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.5.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Supported encryption algorithms

The following tables contain all the encryption algorithms you can configure One Identity Safeguard for Privileged Sessions (SPS) to recognize. If you use a configuration that is only partially supported, SPS might ignore the connection without warning.

NOTE:

Do not use the CBC block cipher mode, or the diffie-hellman-group1-sha1 key exchange algorithm.

Key exchange algorithms

The default SPS configuration for both the client and the server is the following:

diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512

The following key exchange (KEX) algorithms are recognized:

Table 8: Key exchange (KEX) algorithms
Key exchange (KEX) Default Comment
diffie-hellman-group1-sha1 Not recommended
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha256 -
diffie-hellman-group15-sha512 -
diffie-hellman-group16-sha512 -
diffie-hellman-group17-sha512 -
diffie-hellman-group18-sha512 -
Cipher algorithms

The default SPS configuration for both the client and the server is the following:

aes128-ctr,aes192-ctr,aes256-ctr

The following cipher algorithms are recognized:

Table 9: Cipher algorithms
Cipher algorithm Default Comment
3des-cbc Not recommended
blowfish-cbc Not recommended
twofish256-cbc Not recommended
twofish-cbc Not recommended
twofish192-cbc Not recommended
twofish128-cbc Not recommended
aes256-cbc Not recommended
aes192-cbc Not recommended
aes128-cbc Not recommended
aes256-ctr
aes192-ctr
aes128-ctr
serpent256-cbc Not recommended
serpent192-cbc Not recommended
serpent128-cbc Not recommended
arcfour Not recommended
idea-cbc Not recommended
cast128-cbc Not recommended
none Means no cipher algorithm; not recommended
Message authentication code (MAC) algorithms

The default SPS configuration for both the client and the server is the following:

hmac-sha2-256,hmac-sha2-512

The following MAC algorithms are recognized:

Table 10: Message Authentication Code (MAC) algorithms
MAC Default
hmac-sha1
hmac-sha1-96
hmac-md5
hmac-md5-96
hmac-sha2-256
hmac-sha2-512
SSH compression algorithms

The default SPS configuration for both the client and the server is the following:

none

The following SSH compression algorithms are recognized:

Table 11: SSH compression algorithms
SSH compression algorithm Default Comment
zlib
none Means no compression
Related Documents