Default forwarding features; default cipher

Jim Knoble jmknoble at
Fri Oct 26 01:37:57 EST 2001

Circa 2001-Oct-25 10:15:45 -0400 dixit Ed Phillips:

: On Wed, 24 Oct 2001, Jim Knoble wrote:
: > Are you sure you're reading the default ssh_config file, and that
: > you're reading it correctly?  To my recollection, the default
: > ssh_config file is "empty" (i.e., contains no non-blank, uncommented
: Right... I meant the comments that supposedly list the options and their
: defaults - which may be out of date.  I find it useful if it's correct.

I suspect that interpretation isn't quite spot on:

  $ pwd
  $ grep -i '^#[ ]*cipher\>' /etc/ssh/ssh_config
  #   Cipher blowfish
  $ fgrep ssh_cipher_default *.c
  sshconnect1.c:  int ssh_cipher_default = SSH_CIPHER_3DES;
  sshconnect1.c:          if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
  sshconnect1.c:                  options.cipher = ssh_cipher_default;
  sshconnect1.c:              cipher_name(ssh_cipher_default));
  sshconnect1.c:          options.cipher = ssh_cipher_default;

I'd accept the opinion of the manual page over the comments in the
default config file.

: > [...] For SSH protocol v2, the 'Ciphers' (plural) keyword applies;
: > the default configuration asks for 'aes128-cbc' first.
: Okay... what is aes128?

: > That said, i don't know of any reason for you not to configure "Cipher
: > blowfish" and "Ciphers blowfish-cbc,..." as defaults.  Blowfish is a
: > fast cipher, and it's been around for quite a while....
: I'd like to use the one that is accepted as being fast yet strong... ;-)

Feel free:

jim knoble | jmknoble at   |
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
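
Added example (not part of the original message, and not OpenSSH project code): a POSIX shell check for the mismatch discussed above, where a commented-out "default" in ssh_config disagrees with the value the client actually uses. The function names and both sample inputs are constructed for illustration; the effective settings are assumed to be in the "keyword value" form printed by `ssh -G <host>` on clients that support that option.

```shell
#!/bin/sh
# Constructed sample: commented "defaults" as they might ship in ssh_config.
SAMPLE_CONFIG='# This is a constructed sample file
# Host *
#   ForwardAgent no
#   Cipher blowfish
#   Port 22
Protocol 2,1'

# Constructed sample: effective client settings, one "keyword value" per line
# (the layout `ssh -G <host>` prints on clients that have -G).
SAMPLE_EFFECTIVE='forwardagent no
cipher 3des
port 22
protocol 2,1'

# Print "keyword value" (keyword lowercased) for each commented-out line that
# looks like an option. Host/Match block headers are skipped.
commented_defaults() {
    printf '%s\n' "$1" | awk '
        /^#[ \t]*[A-Za-z]+[ \t]+[^ \t]/ {
            sub(/^#[ \t]*/, "")
            key = tolower($1)
            if (key == "host" || key == "match") next
            $1 = ""; sub(/^[ \t]+/, "")
            print key, $0
        }'
}

# Report each commented default whose value differs from the effective one.
# Comment lines that are ordinary prose have no matching keyword in the
# effective settings and are ignored.
stale_comments() {
    commented_defaults "$1" | while read -r key value; do
        actual=$(printf '%s\n' "$2" |
            awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }')
        [ -n "$actual" ] || continue
        [ "$actual" = "$value" ] ||
            printf '%s: comment=%s effective=%s\n' "$key" "$value" "$actual"
    done
}

# Run against the constructed samples.
stale_comments "$SAMPLE_CONFIG" "$SAMPLE_EFFECTIVE"
# On a real system (assumes a client with -G):
#   stale_comments "$(cat /etc/ssh/ssh_config)" "$(ssh -G localhost)"
```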

More information about the openssh-unix-dev mailing list