Ciphers and MACs
The algorithm(s) used for symmetric session encryption
can be chosen in the sshd2_config and
ssh2_config files:
Ciphers twofish,blowfish
The system will attempt to use the different encryption ciphers
in the sequence specified on the line. Currently
supported cipher names are the following:
- des
- 3des
- blowfish
- twofish
- cast
- arcfour
- aes
Of these ciphers, Blowfish and Twofish are especially suitable
for file transfers.
Special values for this option are the following:
- Any: allows all the cipher values including none
- AnyStd: allows only standard ciphers and none
- none: forbids any use of encryption
- AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
- AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF-SecSH-draft (excluding none). This is the default value.
The MAC (Message Authentication Code) algorithm(s) used for
data integrity verification can be chosen in the
sshd2_config and
ssh2_config files:
MACs hmac-sha1,hmac-md5
The system will attempt to use the different MAC algorithms in
the sequence in which they are specified on the line. Supported MAC
names are the following:
- hmac-sha1
- hmac-sha1-96
- hmac-md5
- hmac-md5-96
- hmac-ripemd160
- hmac-ripemd160-96
Special values for this option are the following:
- Any: allows all the MAC values including none
- AnyStd: allows only standard MACs and none
- none: forbids any use of MACs
- AnyMac: allows any available MAC apart from none
- AnyStdMac: the same as AnyMac, but includes only those MACs mentioned in IETF-SecSH-draft (excluding none). This is the default value.
Both cipher and MAC can also be defined using command line
arguments with ssh2 and
scp2:
$ scp2 -c twofish -m hmac-md5 foobar user@remote:./tmp
Note: Algorithm names are case sensitive.
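The following added example (not part of the original manual or of the product) audits the Ciphers and MACs lines of a configuration file against the lists above: it reports values that admit none and names that are not supported, including case mismatches. The function name audit, the treatment of '#' as a comment marker, case-insensitive keyword matching and "last occurrence wins" are assumptions of this sketch.

```python
# Added example: audit Ciphers/MACs settings in sshd2_config or ssh2_config text.
CIPHERS = {"des", "3des", "blowfish", "twofish", "cast", "arcfour", "aes"}
MACS = {"hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96",
        "hmac-ripemd160", "hmac-ripemd160-96"}
ADMITS_NONE = {"Any", "AnyStd", "none"}   # special values that include none
# option -> (supported names, special values excluding none, documented default)
OPTIONS = {
    "ciphers": (CIPHERS, {"AnyCipher", "AnyStdCipher"}, "AnyStdCipher"),
    "macs": (MACS, {"AnyMac", "AnyStdMac"}, "AnyStdMac"),
}

def audit(config_text):
    """Return {option: (effective_value, [findings])} for Ciphers and MACs."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # assumption: '#' starts a comment
        parts = line.split(None, 1)
        # assumption: keyword case is ignored; a repeated keyword overrides
        if len(parts) == 2 and parts[0].lower() in OPTIONS:
            seen[parts[0].lower()] = parts[1].strip()
    report = {}
    for opt, (names, without_none, default) in OPTIONS.items():
        value = seen.get(opt, default)         # unset option: documented default
        known = names | without_none | ADMITS_NONE
        findings = []
        for item in (v.strip() for v in value.split(",")):
            if item in ADMITS_NONE:
                findings.append(f"{item}: admits 'none'")
            elif item not in known:
                # algorithm names are case sensitive, so "Blowfish" != "blowfish"
                wrong_case = item.lower() in {k.lower() for k in known}
                hint = " (wrong case?)" if wrong_case else ""
                findings.append(f"{item}: not a supported name{hint}")
        report[opt] = (value, findings)
    return report

# Constructed sample configuration, not taken from a real host
SAMPLE = """\
# constructed sshd2_config fragment
Ciphers  twofish,Blowfish
MACs     AnyStd
"""

if __name__ == "__main__":
    for opt, (value, findings) in audit(SAMPLE).items():
        print(opt, "=", value, "->", findings or "ok")
```

A file with no Ciphers or MACs line is reported with the defaults AnyStdCipher and AnyStdMac and no findings.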