openSSH: configure ciphers.
Sunil K. Vallamkonda
sunil at redback.com
Tue Jan 9 10:32:23 EST 2001
<..clipped..>
On Tue, 9 Jan 2001, Pekka Savola wrote:
> > IDEA         yes  no
> > Blowfish     yes  yes
> > Twofish      no   yes
> > Arcfour      no   yes
> > Cast128-cbc  no   yes
>
> Your list is based on ssh by ssh communications, I assume.
>
^^^^^^^
Thank you for your email.
Yes, I got this list from ssh communications.
Question is: Is there a similar list for openSSH?
> There has never been Idea in OpenSSH due to patents. Recent versions of
> SSHv2 also support AES aka Rijndael for SSHv2.
>
> DES is just there for SSHv1 compatibility with certain SSH-enabled routers.
> Because of its insufficient length, it has been disabled elsewhere.
>
> There are no compile-time configuration options to toggle these on and
> off. You can specify which to use at run time or in configuration using
> 'Cipher' and 'Ciphers'.
>
^^^^^^^^^^^
Does it mean that on the server side there is no compile-time/run-time
option to specify the list of ciphers to accept from a client?
I find that in SSH Transport Layer Protocol doc:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-08.txt:
    3des-cbc      REQUIRED     three-key 3DES in CBC mode
    blowfish-cbc  RECOMMENDED  Blowfish in CBC mode
    twofish-cbc   RECOMMENDED  Twofish in CBC mode
    aes256-cbc    RECOMMENDED  AES (Rijndael) in CBC mode, with 256-bit key
    aes192-cbc    OPTIONAL     AES with 192-bit key
<..clipped..>
Is this for SSH1 and SSH2?
Does RECOMMENDED mean "MUST"?
Thank you.
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
>
>
>