The algorithm(s) used for session encryption can be chosen in the sshd2_config file:
The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:
Special values for this option are the following:
Any: allows all the ciphers including none
AnyStd: allows only the ciphers mentioned in the IETF-SecSh draft, and none. The standard ciphers are aes128-cbc, 3des-cbc, twofish128-cbc, cast128-cbc, twofish-cbc, blowfish-cbc, idea-cbc, aes192-cbc, aes256-cbc, twofish192-cbc, twofish256-cbc, and arcfour.
none: no encryption, connection will be in plaintext
AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in the IETF-SecSh draft (excluding none).
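Of the special values above, Any, AnyStd and none admit a plaintext session, while AnyCipher and AnyStdCipher do not. The following check is an added example, not part of the original documentation or the product: it scans configuration text and reports whether any cipher setting admits none. Assumptions: the option keyword is `Ciphers` followed by a comma-separated list, `#` starts a comment, matching is case-insensitive, and the function name `audit_ciphers` is hypothetical.

```python
import re

# Special values from the list above that admit the non-encrypting cipher "none".
ALLOWS_PLAINTEXT = {"any", "anystd", "none"}

# Assumption: the option is written as "Ciphers <comma-separated list>".
CIPHERS_LINE = re.compile(r"^\s*Ciphers\s+(.+?)\s*$", re.IGNORECASE)


def audit_ciphers(config_text):
    """Classify the cipher settings found in config_text.

    Returns (status, offending) where status is
      "plaintext-possible": at least one listed value admits "none",
      "encrypted-only":     a Ciphers line exists and no value admits "none",
      "default":            no Ciphers line; the built-in default list applies.
    Every Ciphers line is checked, so the result does not depend on which
    line the server would honour if the option appears more than once.
    """
    seen = False
    offending = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]  # assumption: '#' starts a comment
        match = CIPHERS_LINE.match(line)
        if not match:
            continue
        seen = True
        for value in match.group(1).split(","):
            value = value.strip()
            if value.lower() in ALLOWS_PLAINTEXT:
                offending.append(value)
    if not seen:
        return "default", []
    return ("plaintext-possible" if offending else "encrypted-only"), offending


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real server.
    samples = {
        "explicit list": "Port 22\nCiphers aes128-cbc,3des-cbc\n",
        "AnyStd": "Ciphers AnyStd\n",
        "none in list": "ciphers aes256-cbc, none  # legacy client\n",
        "commented out": "# Ciphers Any\nPort 22\n",
    }
    for name, text in samples.items():
        print(name, "->", audit_ciphers(text))
```
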
The default ciphers are:
Copyright 2011 Tectia Corporation. This software is protected by international copyright laws. All rights reserved.