> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/ssh-configuration-for-remote-desktop-manager-fips-140-2-compliance.md).

# SSH configuration for Remote Desktop Manager FIPS 140-2 compliance

For the Remote Desktop Manager SSH client to be compliant with the FIPS 140-2 annex A standard, you need to apply specific configuration changes in Remote Desktop Manager options.

{% hint style="success" %}
To be compliant, you must ensure that non-compliant algorithms are disabled. To do this, you need to verify that the boxes that are NOT checked in the screenshots below are disabled in the client configuration.
{% endhint %}

{% hint style="warning" %}
We do not recommend using these settings unless you are in an environment that requires compliance with the FIPS 140-2. Most users should stick to the default settings of Remote Desktop Manager and enable additional cipher suites only if required by their servers.
{% endhint %}

{% hint style="info" %}
These values originate from the Microsoft’s documentation [FIPS140.2 annex A standard](https://docs.microsoft.com/en-us/cpp/linux/set-up-fips-compliant-secure-remote-linux-development?view=msvc-160)
{% endhint %}

1. In Remote Desktop Manager, go to ***File – Settings – Types – Terminal – Algorithm Support***.
2. In the ***Cipher*** tab, uncheck:
   * Chacha20 Poly1305 (openssh.com)
   * Aes256 Gcm (openssh.com)
   * Aes128 Gmc (openssh.com)
   * Rijndael Cbc (lysator.liu.se)

     <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_kb_KB4861.png" alt=""><figcaption></figcaption></figure>
3. In the ***Host key*** tab, uncheck:
   * Ssh Ed25519
   * X509v3 Sign Rsa
   * X509v3 Sign Rsa Sha256 (ssh.com)
   * Ssh Dss

     <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_kb_KB4862.png" alt=""><figcaption></figcaption></figure>
4. In the ***Kex*** tab, uncheck:
   * Curve25519 Sha256
   * Curve25519 Sha256 (libssh.org)
   * Diffie Hellman Group16 Sha512
   * Diffie Hellman Group18 Sha512
   * Diffie Hellman Group14 Sha256
   * Diffie Hellman Group1 Sha1

     <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_kb_KB4863.png" alt=""><figcaption></figcaption></figure>
5. In the ***MAC*** tab, uncheck:
   * Hmac Sha 1 96
   * Hmac Md5 96
   * Hmac Md5

     <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_kb_KB4864.png" alt=""><figcaption></figcaption></figure>
6. Click ***OK***.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/ssh-configuration-for-remote-desktop-manager-fips-140-2-compliance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.