openSSH: configure ciphers.

Tue Jan 9 21:47:45 EST 2001

On Mon, Jan 08, 2001 at 03:02:00PM -0800, Sunil K. Vallamkonda wrote:
> 
> I see that:
> SSH uses the following ciphers for encryption: 

replace 'SSH uses' by 'the SSH protocol defines'

>  Cipher           SSH1        SSH2
>  DES              yes         no
>  3DES             yes         yes
>  IDEA             yes         no
>  Blowfish         yes         yes
>  Twofish          no          yes
>  Arcfour          no          yes
>  Cast128-cbc      no          yes

OpenSSH supports in protocol
SSH-1: 3des, blowfish (the client additionally supports DES)
SSH-2: 3des, blowfish, AES, cast, arcfour

> 1) Using openssh, how do I configure which
>    set of ciphers to use from above set for SSH1 and SSH2 ?
>    Does "yes" above mean must or an option (configurable)?

3des and blowfish are always enabled in SSH-1 servers.
SSH-1 clients can select the cipher with
	ssh -c cipher
or 'Cipher cipher' in .ssh/config or ssh_config

SSH-2 clients and servers can use
	Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc
in sshd_config or .ssh/config or ssh_config
or
	ssh -c cipher

but this is all in the manpages.

> 2) Does SSH2 use DES and 3DES or it is DES or 3DES ?
>    If latter, can I specify SSH2 with DES ?

no, DES is not defined for SSH2.

-markus