AWS SSH version support

0

I have a quick query below from the customer about AWS Transfer Family and hence need a clarification.

  1. AWS can only support the SSH cert version 9.6 and above. Our customer may not be running the latest version of SSH software. We need to ensure that AWS can support the current SFG SSH version. I understand that SSH versions prior to 9.6 installed on the remote host are subject to major vulnerabilities, and hence 9.6 and above is recommended. However, we have scenarios where customers are still on 8.6, and we don't want to force them to move to a new key. Would it be possible to support them by migrating for some time with support for the older client until we move to a new key (9.6 and above) later? By the way, I also checked the AWS documentation and found the following: https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#security-policy-transfer-2020-06
  • Here it says the 2018 and 2020 security policies allow ssh-rsa, which is a much older version than 8.6. Could you please confirm? Please let me know or put us in touch with the AWS Transfer Family team, as it's quite an urgent need from the customer. Thanks/Nalla.
Nalla P
asked 15 days ago, 61 views
1 Answer
0

Hello, thank you for your question. AWS Transfer Family supports many versions of OpenSSH clients, above and below version 9.6.

With AWS Transfer Family's security policies, you can enable specific algorithms on your server to ensure it's compatible with certain clients. If you're transferring data with a client that uses old SHA1 RSA keys (with the SSH-RSA algorithm), you should configure your server to use the 2020-06 security policy found here.

AWS
EXPERT
answered 15 days ago
EXPERT
Steve_M
reviewed 14 days ago
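
As an added example (not part of the answer above and not AWS code): a check of whether an older client's KEXINIT proposal, captured with `ssh -vv`, overlaps a security policy's algorithm lists. The policy field names are assumed to follow `aws transfer describe-security-policy` output, and the log lines and policy lists are constructed samples, not the real contents of any Transfer Family policy.

```python
import re

# Labels in OpenSSH `ssh -vv` output mapped to policy list names
# (field names assumed from `aws transfer describe-security-policy`).
FIELDS = {
    "KEX algorithms": "SshKexs",
    "host key algorithms": "SshHostKeyAlgorithms",
    "ciphers ctos": "SshCiphers",
    "MACs ctos": "SshMacs",
}

def client_proposal(debug_log):
    """Extract the client's own KEXINIT lists from `ssh -vv` debug output."""
    proposal, in_local = {}, False
    for line in debug_log.splitlines():
        if "KEXINIT proposal" in line:
            # Only the "local client" section describes what the client offers.
            in_local = "local client" in line
            continue
        m = re.match(r"debug2: ([^:]+): (\S+)$", line.strip())
        if in_local and m and m.group(1) in FIELDS:
            proposal[FIELDS[m.group(1)]] = m.group(2).split(",")
    return proposal

def negotiate(proposal, policy):
    """Per category, return the first client algorithm the policy also lists
    (SSH's first-match rule), or None when nothing overlaps."""
    result = {}
    for field in FIELDS.values():
        allowed = set(policy.get(field, []))
        result[field] = next((a for a in proposal.get(field, []) if a in allowed), None)
    return result

# Constructed sample: an older client that only accepts ssh-rsa host keys.
SAMPLE_LOG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha1,hmac-sha2-256
debug2: peer server KEXINIT proposal
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256
"""
# Constructed policy lists, NOT the real contents of any AWS policy.
LEGACY = {"SshKexs": ["diffie-hellman-group-exchange-sha256"],
          "SshHostKeyAlgorithms": ["rsa-sha2-256", "ssh-rsa"],
          "SshCiphers": ["aes256-ctr"], "SshMacs": ["hmac-sha2-256"]}
STRICT = dict(LEGACY, SshHostKeyAlgorithms=["rsa-sha2-512", "rsa-sha2-256"])
```

A `None` in any category means the client and a server using that policy share no algorithm there, so the connection fails before authentication.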
