MOVEit Gateway ciphers are loaded from MOVEit Transfer each time the Gateway services are started.

The following MAC, KEX, and Public Key algorithms are enabled by default on MOVEit Gateway 2024.1, and later:
  • MAC
    • hmac-sha2-256
    • hmac-sha2-512
  • KEX
    • curve25519-sha256
    • curve25519-sha256@libssh.org
    • diffie-hellman-group-exchange-sha256
    • diffie-hellman-group14-sha256
    • diffie-hellman-group16-sha512
    • diffie-hellman-group18-sha512
    • ecdh-sha2-nistp521
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp256
  • Public Key
    • ssh-ed25519
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
    • rsa-sha2-256
    • rsa-sha2-512
    • ssh-rsa
    • ssh-dss
    • x509v3-sign-rsa
    • x509v3-sign-dss

To specify MACs, KEX or Public Key algorithms

Note: To make any changes to the MACs, KEX or Public Key algorithms, you must select the default SFTP Proxy in the MOVEit Gateway settings.

MOVEit Gateway 2024.1 and later, uses the information that is specified in the mg-config.json file to read configured values at startup.

The mg-config.json file is in the HOME\MOVEit\MOVEit Gateway\ directory, where HOME is the MOVEit Gateway directory that is created during installation.

Before you begin, backup and save a copy of the mg-config.json file.

  1. Stop MOVEit Gateway using Windows services.
  2. Open the mg-config.json file in a text editor as an administrator.
  3. Edit the algorithms as required.
  4. Save the changes to the mg-config.json file.
  5. Start MOVEit Gateway using Windows services.

To configure SSH ciphers for Port 10022

Before you begin, backup and save a copy of the mg-config.json file located in the HOME\MOVEit\MOVEit Gateway\ directory, where HOME is the MOVEit Gateway directory that is created during installation.

  1. Stop MOVEit Gateway using Windows services.
  2. Open the mg-config.json file in a text editor as an administrator.
  3. Add or update the following entry in the mg-config.json file, Replace the cipher list with your chosen ciphers.
    
"tunnelSshCiphers": [ "aes256-ctr", "aes192-ctr", "aes128-ctr" ]
    By default, the SSH tunnel will use these three ciphers if not manually configured in the mg-config.json file.
  4. Save the changes to the mg-config.json file.
  5. Start MOVEit Gateway using Windows services.

For more information about SSH ciphers, KEX, or MAC algorithms, see SSH - Configuration (and IP address bindings).