Algorithms

SSHAlgorithmProfile

public struct SSHAlgorithmProfile: Equatable, Sendable {
    public var keyExchangeAlgorithms: String?
    public var hostKeyAlgorithms: String?
    public var publicKeyAcceptedAlgorithms: String?
    public var ciphersClientToServer: String?
    public var ciphersServerToClient: String?
    public var macsClientToServer: String?
    public var macsServerToClient: String?
    public var minimumRSAKeySize: Int?

    public init(
        keyExchangeAlgorithms: String? = nil,
        hostKeyAlgorithms: String? = nil,
        publicKeyAcceptedAlgorithms: String? = nil,
        ciphersClientToServer: String? = nil,
        ciphersServerToClient: String? = nil,
        macsClientToServer: String? = nil,
        macsServerToClient: String? = nil,
        minimumRSAKeySize: Int? = nil
    )

    public static let modern: SSHAlgorithmProfile     // minimumRSAKeySize: 3072
    public static let legacyRSA: SSHAlgorithmProfile  // +ssh-rsa, minimumRSAKeySize: 1024

    public func inspectEffectiveAlgorithms() throws -> SSHAlgorithmSnapshot
}

Algorithm strings are passed straight to libssh and accept OpenSSH-style + / - / ^ modifiers. inspectEffectiveAlgorithms is synchronous throwing; no callback variant.

SSHAlgorithmSnapshot

public struct SSHAlgorithmSnapshot: Equatable, Sendable {
    public var keyExchangeAlgorithms: String
    public var hostKeyAlgorithms: String
    public var publicKeyAcceptedAlgorithms: String
    public var ciphersClientToServer: String
    public var ciphersServerToClient: String
    public var macsClientToServer: String
    public var macsServerToClient: String
    public var minimumRSAKeySize: Int?
}

libssh exposes minimumRSAKeySize as a set-only option, so the snapshot reports the configured value when a profile supplies one and leaves it absent for libssh defaults.