Configuring Ciphers

The algorithm(s) used for session encryption can be specified in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:


Special values for this option are the following:

  • Any: allows all the ciphers including none

  • AnyStd: allows only the ciphers mentioned in IETF SecSh draft and none. The standard ciphers are aes128-cbc, 3des-cbc, twofish128-cbc, cast128-cbc, twofish-cbc, blowfish-cbc, idea-cbc, aes192-cbc, aes256-cbc, twofish192-cbc, twofish256-cbc, and arcfour.

  • none: no encryption, connection will be in plaintext

  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none

  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF SecSh draft (excluding none)

The default ciphers are aes128-cbc, aes192-cbc, aes256-cbc and 3des-cbc.