[Bug 1801] cipher_spec section of ssh man page needs update

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Jul 22 15:56:23 EST 2010 

https://bugzilla.mindrot.org/show_bug.cgi?id=1801

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au>  ---
Quoting it in full:

" -c cipher_spec
    Selects the cipher specification for encrypting the session.

    Protocol version 1 allows specification of a single cipher.  The
    supported values are ``3des'', ``blowfish'', and ``des''.  3des
    (triple-des) is an encrypt-decrypt-encrypt triple with three
    different keys.  It is believed to be secure.  blowfish is a fast
    block cipher; it appears very secure and is much faster than
    3des.  des is only supported in the ssh client for
    interoperability with legacy protocol 1 implementations that do
    not support the 3des cipher.  Its use is strongly discouraged due
    to cryptographic weaknesses.  The default is ``3des''.

    For protocol version 2, cipher_spec is a comma-separated list of
    ciphers listed in order of preference.  See the Ciphers keyword
    for more information."

There's 2 paragraphs: the first describes version 1 of the protocol for
which the default *is* 3des.  The default cipher list for protocol 2
list listed in ssh_config(5):

"Ciphers
   Specifies the ciphers allowed for protocol version 2 in order of
   preference.  Multiple ciphers must be comma-separated.  The sup-
   ported ciphers are "3des-cbc", "aes128-cbc", "aes192-cbc",
   "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr",
   "arcfour128", "arcfour256", "arcfour", "blowfish-cbc", and
   "cast128-cbc".  The default is:

   aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
   aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
   aes256-cbc,arcfour"

The reference in ssh(1) should be a reference to ssh_config(5) though.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list