ssh command & valid cipher names
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Thu Nov 16 06:28:02 EST 2000
On Wed, Nov 15, 2000 at 03:57:51PM +0200, Marko Asplund wrote:
> On Fri, 10 Nov 2000, Marko Asplund wrote:
>
> > i thought that it would be useful to make ssh command to print valid
> > cipher names in case an unknown cipher has been specified by the user for
> > example the command 'ssh -c list' would print:
> >
> > Unknown cipher type 'list'
> > valid cipher names: none, des, 3des, blowfish, 3des-cbc, blowfish-cbc,
> > cast128-cbc, arcfour, aes128-cbc, aes192-cbc, aes256-cbc, rijndael128-cbc,
> > rijndael192-cbc, rijndael256-cbc, rijndael-cbc@lysator.liu.se
>
> regarding the issue of cipher selection, shouldn't there be a mechanism
> for sys admins to enforce site security policy by being able to choose the
> ciphers which sshd allows clients to use? for example i'd like to disallow
> clients connecting with ciphers none and des to our ssh servers.

use Ciphers in sshd_config. this applies to SSH-2, only.
note also that the cipher 'none' is only valid for encrypting host keys.
'des' is only available to the client in SSH-1 (e.g. if you connect
to cisco machines).

-m
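
Added example, not part of the original message and not OpenSSH code: a shell check that reads the Ciphers line from an sshd_config file and reports any configured cipher that is on a site deny-list. The function names, the sample config and the deny-list (arcfour, blowfish-cbc, taken from the cipher names quoted above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Ciphers line of an sshd_config against a deny-list.

# effective_ciphers FILE
# Prints the comma-separated list from the first Ciphers line in FILE
# (sshd uses the first value it reads for a keyword). Prints nothing when
# the keyword is absent, in which case the server's default list applies.
effective_ciphers() {
    awk '
        { sub(/^[ \t]+/, "") }        # strip leading whitespace
        /^#/ || /^$/ { next }         # skip comments and blank lines
        tolower($1) == "ciphers" { print $2; exit }
    ' "$1"
}

# denied_in_use FILE DENY...
# Prints each configured cipher that is on the deny-list, one per line.
# Exit status: 0 = compliant, 1 = a denied cipher is configured,
#              2 = no Ciphers line, so the site policy is not being enforced.
denied_in_use() {
    file=$1; shift
    list=$(effective_ciphers "$file")
    [ -n "$list" ] || return 2
    hit=0
    for c in $(printf '%s' "$list" | tr ',' ' '); do
        for d in "$@"; do
            if [ "$c" = "$d" ]; then printf '%s\n' "$c"; hit=1; fi
        done
    done
    return $hit
}

# Constructed sample config and hypothetical site deny-list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
Ciphers aes128-cbc,3des-cbc,arcfour,blowfish-cbc
EOF
denied_in_use "$sample" arcfour blowfish-cbc
echo "status=$?"
```

Status 2 is reported separately because a config with no Ciphers line leaves the choice to the server's built-in defaults rather than to the administrator.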
More information about the openssh-unix-dev
mailing list