Default forwarding features; default cipher

Ed Phillips ed at UDel.Edu
Fri Oct 26 00:15:45 EST 2001

On Wed, 24 Oct 2001, Jim Knoble wrote:

> Date: Wed, 24 Oct 2001 16:26:11 -0400
> From: Jim Knoble <jmknoble at>
> To: openssh-unix-dev at
> Subject: Re: Default forwarding features; default cipher
> Circa 2001-Oct-24 14:49:47 -0400 dixit Ed Phillips:
> : I guess the only gotcha is that you have to enable X11 forwarding in
> : sshd_config.  It appears that by default "ssh -X" is silently
> : ignored on the server side, and "ssh -A" works fine... and normally
> : you get no forwarding from the client without adding the "-A" or
> : "-X".  Is this correct?
> Yes, that's correct.  Both the server and the client must explicitly
> allow X11 forwarding; the default configuration allows it in neither
> place.


> : By the way, I notice in the stock ssh_config, it would appear that
> : "blowfish" is the default cipher.  Is this used for speed or because
> : it provides the best security or both?
> Are you sure you're reading the default ssh_config file, and that
> you're reading it correctly?  To my recollection, the default
> ssh_config file is "empty" (i.e., contains no non-blank, uncommented

Right... I meant the comments that supposedly list the options and their
defaults - which may be out of date.  I find it useful if it's correct.

> lines).  According to the man page, the default value for the 'Cipher'
> keyword is '3des'.  The 'Cipher' (singular) keyword, however, is only
> for SSH protocol v1.  For SSH protocol v2, the 'Ciphers' (plural)
> keyword applies; the default configuration asks for 'aes128-cbc' first.

Okay... what is aes128?

> That said, i don't know of any reason for you not to configure "Cipher
> blowfish" and "Ciphers blowfish-cbc,..." as defaults.  Blowfish is a
> fast cipher, and it's been around for quite a while....

I'd like to use the one that is accepted as being fast yet strong... ;-)



Ed Phillips <ed at> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at for PGP public key

More information about the openssh-unix-dev mailing list