MOVEit Gateway ciphers are loaded from MOVEit Transfer each time the Gateway services are started.

The following MAC, KEX, and Public Key algorithms are enabled by default on MOVEit Gateway 2024.1, and later:
  • MAC
    • hmac-sha2-256
    • hmac-sha2-512
  • KEX
    • curve25519-sha256
    • curve25519-sha256@libssh.org
    • diffie-hellman-group-exchange-sha256
    • diffie-hellman-group14-sha256
    • diffie-hellman-group16-sha512
    • diffie-hellman-group18-sha512
    • ecdh-sha2-nistp521
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp256
  • Public Key
    • ssh-ed25519
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
    • rsa-sha2-256
    • rsa-sha2-512
    • ssh-rsa
    • ssh-dss
    • x509v3-sign-rsa
    • x509v3-sign-dss

To specify MACs, KEX or Public Key algorithms

Note: To make any changes to the MACs, KEX or Public Key algorithms, you must select the default SFTP Proxy in the MOVEit Gateway settings.

MOVEit Gateway 2024.1 and later, uses the information that is specified in the mg-config.json file to read configured values at startup.

The mg-config.json file is in the HOME\MOVEit\MOVEit Gateway\ directory, where HOME is the MOVEit Gateway directory that is created during installation.

Before you begin, backup and save a copy of the mg-config.json file.

  1. Open the mg-config.json file in a text editor as an administrator.
  2. Edit the algorithms as required.
  3. Save the changes to the mg-config.json file.
  4. Restart MOVEit Gateway using Windows services.

For more information about SSH ciphers, KEX, or MAC algorithms, see SSH - Configuration (and IP address bindings).