services.openssh.settings.KexAlgorithms
NixOS option
Allowed key exchange algorithms Defaults to a curated set of algorithms. Set enableRecommendedAlgorithms to false to use upstream’s defaults.
type: null or (list of string)Default
declared in: nixos/modules/services/networking/ssh/sshd.nixView source on NixOS/nixpkgs →''
if config.services.openssh.enableRecommendedAlgorithms then
[
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
]
else
null;
''