services.openssh.settings.Ciphers
NixOS option
Allowed ciphers Defaults to a curated set of algorithms. Set enableRecommendedAlgorithms to false to use upstream’s defaults.
type: null or (list of string)Default
declared in: nixos/modules/services/networking/ssh/sshd.nixView source on NixOS/nixpkgs →''
if config.services.openssh.enableRecommendedAlgorithms then
[
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
]
else
null;
''