I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which set of ciphers to use from above set for SSH1 and SSH2 ? Does "yes" above mean must or an option (configurable)? 2) Does SSH2 use DES and 3DES or it is DES or 3DES ? If latter, can I specify SSH2 with DES ? Thank you.
On Mon, 8 Jan 2001, Sunil K. Vallamkonda wrote:> I see that: > SSH uses the following ciphers for encryption: > Cipher SSH1 SSH2 > DES yes no > 3DES yes yes > IDEA yes no > Blowfish yes yes > Twofish no yes > Arcfour no yes > Cast128-cbc no yesYour list is a based on ssh by ssh communications, I assume. There has never been Idea in OpenSSH due to patents. Recent versions of SSHv2 also support AES aka Rijndael for SSHv2. DES is just there for SSHv1 compability with certain SSH-enabled routers. Because of it's insufficient length, it has been disabled elsewhere. There are no compile-time configuration options to toggle these on and off. You can specify which to use at run time or in configuration using 'Cipher' and 'Ciphers'. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
On Mon, Jan 08, 2001 at 03:02:00PM -0800, Sunil K. Vallamkonda wrote:> > I see that: > SSH uses the following ciphers for encryption:replace 'SSH uses' by 'the SSH protocol defines'> Cipher SSH1 SSH2 > DES yes no > 3DES yes yes > IDEA yes no > Blowfish yes yes > Twofish no yes > Arcfour no yes > Cast128-cbc no yesOpenSSH supports in protocol SSH-1: 3des, blowfish (the client additionally supports DES) SSH-2: 3des, blowfish, AES, cast, arcfour> 1) Using openssh, how do I configure which > set of ciphers to use from above set for SSH1 and SSH2 ? > Does "yes" above mean must or an option (configurable)?3des and blowfish are always enabled in SSH-1 servers. SSH-1 clients can select the cipher with ssh -c cipher or 'Cipher cipher' in .ssh/config or ssh_config SSH-2 clients and servers can use Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc in sshd_config or .ssh/config or ssh_config or ssh -c cipher but this is all in the manpages.> 2) Does SSH2 use DES and 3DES or it is DES or 3DES ? > If latter, can I specify SSH2 with DES ?no, DES is not defined for SSH2. -markus