diff --git a/libssh/kex.c b/libssh/kex.c
index d0753b82..5d1c9cb0 100644
--- a/libssh/kex.c
+++ b/libssh/kex.c
@@ -44,7 +44,7 @@
 
 #ifdef HAVE_LIBGCRYPT
 #define BLOWFISH "blowfish-cbc,"
-#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
+#define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
 #define DES "3des-cbc"
 #elif defined HAVE_LIBCRYPTO
 #ifdef HAVE_OPENSSL_BLOWFISH_H
diff --git a/libssh/wrapper.c b/libssh/wrapper.c
index b7de1532..991a7c21 100644
--- a/libssh/wrapper.c
+++ b/libssh/wrapper.c
@@ -157,29 +157,31 @@ static void blowfish_decrypt(struct crypto_struct *cipher, void *in,
 }
 
 static int aes_set_key(struct crypto_struct *cipher, void *key, void *IV) {
+  int mode=GCRY_CIPHER_MODE_CBC;
   if (cipher->key == NULL) {
     if (alloc_key(cipher) < 0) {
       return -1;
     }
-
+    if(strstr(cipher->name,"-ctr"))
+      mode=GCRY_CIPHER_MODE_CTR;
     switch (cipher->keysize) {
       case 128:
         if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES128,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
           SAFE_FREE(cipher->key);
           return -1;
         }
         break;
       case 192:
         if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES192,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
           SAFE_FREE(cipher->key);
           return -1;
         }
         break;
       case 256:
         if (gcry_cipher_open(&cipher->key[0], GCRY_CIPHER_AES256,
-              GCRY_CIPHER_MODE_CBC, 0)) {
+              mode, 0)) {
           SAFE_FREE(cipher->key);
           return -1;
         }
@@ -189,9 +191,17 @@ static int aes_set_key(struct crypto_struct *cipher, void *key, void *IV) {
       SAFE_FREE(cipher->key);
       return -1;
     }
-    if (gcry_cipher_setiv(cipher->key[0], IV, 16)) {
-      SAFE_FREE(cipher->key);
-      return -1;
+    if(mode == GCRY_CIPHER_MODE_CBC){
+      if (gcry_cipher_setiv(cipher->key[0], IV, 16)) {
+
+        SAFE_FREE(cipher->key);
+        return -1;
+      }
+    } else {
+      if(gcry_cipher_setctr(cipher->key[0],IV,16)){
+        SAFE_FREE(cipher->key);
+        return -1;
+      }
     }
   }
 
@@ -319,6 +329,39 @@ static struct crypto_struct ssh_ciphertab[] = {
     .cbc_encrypt     = blowfish_encrypt,
     .cbc_decrypt     = blowfish_decrypt
   },
+  {
+    .name            = "aes128-ctr",
+    .blocksize       = 16,
+    .keylen          = sizeof(gcry_cipher_hd_t),
+    .key             = NULL,
+    .keysize         = 128,
+    .set_encrypt_key = aes_set_key,
+    .set_decrypt_key = aes_set_key,
+    .cbc_encrypt     = aes_encrypt,
+    .cbc_decrypt     = aes_encrypt
+  },
+  {
+      .name            = "aes192-ctr",
+      .blocksize       = 16,
+      .keylen          = sizeof(gcry_cipher_hd_t),
+      .key             = NULL,
+      .keysize         = 192,
+      .set_encrypt_key = aes_set_key,
+      .set_decrypt_key = aes_set_key,
+      .cbc_encrypt     = aes_encrypt,
+      .cbc_decrypt     = aes_encrypt
+  },
+  {
+      .name            = "aes256-ctr",
+      .blocksize       = 16,
+      .keylen          = sizeof(gcry_cipher_hd_t),
+      .key             = NULL,
+      .keysize         = 256,
+      .set_encrypt_key = aes_set_key,
+      .set_decrypt_key = aes_set_key,
+      .cbc_encrypt     = aes_encrypt,
+      .cbc_decrypt     = aes_encrypt
+  },
   {
     .name            = "aes128-cbc",
     .blocksize       = 16,