SSH

Configuring Ciphers

The algorithm(s) used for session encryption can be specified in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

aes128-ctr3des-cbctwofish192-cbc
aes192-ctrarcfourtwofish256-cbc
aes256-ctrblowfish-cbccast128-12-cbc@ssh.com
aes128-cbccast128-cbcseed-cbc@ssh.com
aes192-cbctwofish-cbcrijndael-cbc@ssh.com
aes256-cbctwofish128-cbc

Special values for this option are the following:

  • Any: includes all supported ciphers plus none.

  • AnyStd: includes ciphers from the IETF SSH standards and none. The standard ciphers are aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, arcfour, blowfish-cbc, cast128-cbc, twofish128-cbc, twofish192-cbc, twofish256-cbc, twofish-cbc.

  • none: no encryption, connection will be in plaintext.

  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none.

  • AnyStdCipher: the same as AnyStd, but excludes none.

The default ciphers are aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc and 3des-cbc.