Default forwarding features; default cipher
Ed Phillips
ed at UDel.Edu
Fri Oct 26 00:15:45 EST 2001
On Wed, 24 Oct 2001, Jim Knoble wrote:
> Date: Wed, 24 Oct 2001 16:26:11 -0400
> From: Jim Knoble <jmknoble at pobox.com>
> To: openssh-unix-dev at mindrot.org
> Subject: Re: Default forwarding features; default cipher
>
> Circa 2001-Oct-24 14:49:47 -0400 dixit Ed Phillips:
>
> : I guess the only gotcha is that you have to enable X11 forwarding in
> : sshd_config. It appears that by default "ssh -X" is silently
> : ignored on the server side, and "ssh -A" works fine... and normally
> : you get no forwarding from the client without adding the "-A" or
> : "-X". Is this correct?
>
> Yes, that's correct. Both the server and the client must explicitly
> allow X11 forwarding; the default configuration allows it in neither
> place.
Okay.
> : By the way, I notice in the stock ssh_config, it would appear that
> : "blowfish" is the default cipher. Is this used for speed or because
> : it provides the best security or both?
>
> Are you sure you're reading the default ssh_config file, and that
> you're reading it correctly? To my recollection, the default
> ssh_config file is "empty" (i.e., contains no non-blank, uncommented
Right... I meant the comments that supposedly list the options and their
defaults - which may be out of date. I find it useful if it's correct.
> lines). According to the man page, the default value for the 'Cipher'
> keyword is '3des'. The 'Cipher' (singular) keyword, however, is only
> for SSH protocol v1. For SSH protocol v2, the 'Ciphers' (plural)
> keyword applies; the default configuration asks for 'aes128-cbc' first.
Okay... what is aes128?
> That said, I don't know of any reason for you not to configure "Cipher
> blowfish" and "Ciphers blowfish-cbc,..." as defaults. Blowfish is a
> fast cipher, and it's been around for quite a while....
I'd like to use the one that is accepted as being fast yet strong... ;-)
Thanks,
Ed
Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key
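
An added example, not part of the original message: a small Python check of the point confirmed above, that X11 forwarding only happens when the client requests it and the server allows it, so "ssh -X" against a stock server is silently ignored. The function names, the simplified parsing (no negated Host patterns, no Match blocks) and the sample configurations are assumptions constructed for illustration; the "no" defaults are the ones stated in the thread.

```python
import re
from fnmatch import fnmatchcase

# Defaults as stated in the thread: neither side forwards X11 unless configured.
CLIENT_DEFAULTS = {"forwardx11": "no"}
SERVER_DEFAULTS = {"x11forwarding": "no"}
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def keywords(text):
    """Yield (keyword, value) from config text; comments and blank lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())  # '#' lines never match the keyword pattern
        if m:
            yield m.group(1).lower(), m.group(2).strip().strip('"')

def client_options(text, host):
    """Effective ssh_config options for host (first obtained value wins)."""
    opts, active = {}, True
    for key, value in keywords(text):
        if key == "host":  # simplified: no negated patterns, no Match blocks
            active = any(fnmatchcase(host, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)
    return {**CLIENT_DEFAULTS, **opts}

def server_options(text):
    """Global sshd_config options; parsing stops at the first Match block."""
    opts = {}
    for key, value in keywords(text):
        if key == "match":
            break
        opts.setdefault(key, value)
    return {**SERVER_DEFAULTS, **opts}

def x11_forwarded(client_cfg, server_cfg, host, dash_x=False):
    """X11 is forwarded only if the client asks (-X or ForwardX11) AND sshd allows it."""
    asked = dash_x or client_options(client_cfg, host)["forwardx11"].lower() == "yes"
    return asked and server_options(server_cfg)["x11forwarding"].lower() == "yes"

# Constructed sample configurations (not taken from the thread).
CLIENT_CFG = """
Host *.example.org
    ForwardX11 yes
Host *
    ForwardX11 no
"""
STOCK_SERVER_CFG = "#X11Forwarding no\n"  # commented-out default, nothing set
X11_SERVER_CFG = "X11Forwarding yes\n"

if __name__ == "__main__":
    print(x11_forwarded(CLIENT_CFG, STOCK_SERVER_CFG, "build.example.org", dash_x=True))
    print(x11_forwarded(CLIENT_CFG, X11_SERVER_CFG, "build.example.org"))
```

On a live system, `ssh -G <host>` and `sshd -T` print the effective values that this sketch approximates.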