Configuring Ciphers

The algorithm(s) used for session encryption can be chosen in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

  • aes128-cbc

  • aes192-cbc

  • aes256-cbc

  • 3des-cbc

  • arcfour

  • blowfish-cbc

  • cast128-cbc

  • twofish-cbc

  • twofish128-cbc

  • twofish192-cbc

  • twofish256-cbc

  • cast128-12-cbc@ssh.com

  • des-cbc@ssh.com

  • seed-cbc@ssh.com

  • rijndael-cbc@ssh.com

Special values for this option are the following:

  • Any: allows all the ciphers including none

  • AnyStd: allows only the ciphers mentioned in the IETF-SecSh draft, and none. The standard ciphers are aes128-cbc, 3des-cbc, twofish128-cbc, cast128-cbc, twofish-cbc, blowfish-cbc, idea-cbc, aes192-cbc, aes256-cbc, twofish192-cbc, twofish256-cbc, and arcfour.

  • none: no encryption, connection will be in plaintext

  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none

  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in the IETF-SecSh draft (excluding none).

The default ciphers are:

  • aes128-cbc

  • aes192-cbc

  • aes256-cbc

  • 3des-cbc
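
An added example, not part of the original documentation: a Python check that expands the Ciphers value of an sshd2_config file using the lists and special values above, and reports when the effective list permits the plaintext cipher none. The '#' comment handling, case-insensitive matching, last-Ciphers-line-wins behaviour and the order of the expanded lists are assumptions, and the function names are hypothetical.

```python
import re

# Cipher names copied from the lists on this page.
SUPPORTED = ["aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", "arcfour",
             "blowfish-cbc", "cast128-cbc", "twofish-cbc", "twofish128-cbc",
             "twofish192-cbc", "twofish256-cbc", "cast128-12-cbc@ssh.com",
             "des-cbc@ssh.com", "seed-cbc@ssh.com", "rijndael-cbc@ssh.com"]
STANDARD = ["aes128-cbc", "3des-cbc", "twofish128-cbc", "cast128-cbc",
            "twofish-cbc", "blowfish-cbc", "idea-cbc", "aes192-cbc",
            "aes256-cbc", "twofish192-cbc", "twofish256-cbc", "arcfour"]
DEFAULT = ["aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc"]
SPECIAL = {  # special values as described on this page
    "any": SUPPORTED + ["none"],
    "anystd": STANDARD + ["none"],
    "anycipher": SUPPORTED,
    "anystdcipher": STANDARD,
}

def effective_ciphers(config_text):
    """Return the cipher list a Ciphers line permits (defaults if absent)."""
    value = None
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        m = re.match(r"(?i)ciphers\s+(.+)$", line)
        if m:
            value = m.group(1)                 # assumption: last Ciphers line wins
    if value is None:
        return list(DEFAULT)
    result = []
    for name in (n.strip() for n in value.split(",")):
        for c in SPECIAL.get(name.lower(), [name]):
            if c and c not in result:
                result.append(c)
    return result

def audit(config_text):
    """Return (ciphers, findings): plaintext 'none' and unrecognised names."""
    ciphers = effective_ciphers(config_text)
    findings = []
    if "none" in ciphers:
        findings.append("plaintext permitted: 'none' is in the effective list")
    known = set(SUPPORTED) | set(STANDARD) | {"none"}
    findings += [f"unknown cipher name: {c}" for c in ciphers if c not in known]
    return ciphers, findings

SAMPLE = "# constructed example\nCiphers    AnyStd\n"  # constructed input
if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```

A configuration that passes this check lists ciphers explicitly or uses AnyCipher or AnyStdCipher, which exclude none.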