ssh command & valid cipher names

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Thu Nov 16 06:28:02 EST 2000


On Wed, Nov 15, 2000 at 03:57:51PM +0200, Marko Asplund wrote:
> On Fri, 10 Nov 2000, Marko Asplund wrote:
> 
> > i thought that it would be useful to make ssh command to print valid
> > cipher names in case an unknown cipher has been specified by the user for
> > example the command 'ssh -c list' would print:
> > 
> > Unknown cipher type 'list'
> > valid cipher names: none, des, 3des, blowfish, 3des-cbc, blowfish-cbc,
> > cast128-cbc, arcfour, aes128-cbc, aes192-cbc, aes256-cbc, rijndael128-cbc,
> > rijndael192-cbc, rijndael256-cbc, rijndael-cbc@lysator.liu.se
> 
> regarding the issue of cipher selection, shouldn't there be a mechanism
> for sys admins to enforce site security policy by being able to choose the
> ciphers which sshd allows clients to use? for example i'd like to disallow
> clients connecting with ciphers none and des to our ssh servers.

use Ciphers in sshd_config.  this applies to SSH-2, only.

note also that the cipher 'none' is only valid for encrypting host keys.

'des' is only available to the client in SSH-1 (e.g. if you connect
to cisco machines).

-m
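
The check suggested in this reply, written as an added example (not part of the original message and not OpenSSH code): it audits an sshd_config for the banned ciphers named in the thread and flags SSH-1, which the Ciphers line does not cover. The function names, the sample file and the comma-separated `Protocol` syntax of sshd_config from that era are assumptions of the example.

```python
# Constructed sample sshd_config (not a real server's file); cipher names
# come from the list quoted in the thread above.
SAMPLE_CONFIG = """\
Port 22
Protocol 2,1
ciphers 3des-cbc,blowfish-cbc,arcfour,aes128-cbc
Ciphers none,des
"""

BANNED = {"none", "des"}  # ciphers the site policy in the thread disallows


def first_value(config_text, keyword):
    """Return the argument of the first `keyword` line, or None.
    sshd_config keywords are case-insensitive, and the first value obtained
    for a keyword is the one that takes effect.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip()
    return None


def audit(config_text, banned=BANNED):
    """Return a list of policy findings; an empty list means compliant."""
    findings = []
    ciphers = first_value(config_text, "Ciphers")
    if ciphers is None:
        findings.append("no Ciphers line: sshd falls back to its built-in list")
    else:
        for name in (c.strip() for c in ciphers.split(",")):
            if name in banned:
                findings.append(f"banned cipher offered: {name}")
    # Ciphers governs SSH-2 only, so SSH-1 must be off for the policy to hold.
    protocol = first_value(config_text, "Protocol")
    if protocol is None:
        findings.append("no Protocol line: check this sshd's default for SSH-1")
    elif "1" in [p.strip() for p in protocol.split(",")]:
        findings.append("SSH-1 enabled: the Ciphers line does not apply to it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

In the sample the second `Ciphers` line is ignored because the first one wins, so the only finding is the SSH-1 one.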





More information about the openssh-unix-dev mailing list