Your browser does not allow storing cookies. We recommend enabling them.


Configuring Ciphers

The algorithm(s) used for session encryption can be specified in the sshd2_config file:

Ciphers             aes128-cbc,3des-cbc

Currently supported cipher names are the following:


Special values for this option are the following:

  • Any: includes all supported ciphers plus none.

  • AnyStd: includes ciphers from the IETF SSH standards and none. The standard ciphers are aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, arcfour, blowfish-cbc, cast128-cbc, twofish128-cbc, twofish192-cbc, twofish256-cbc, twofish-cbc.

  • none: no encryption, connection will be in plaintext.

  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none.

  • AnyStdCipher: the same as AnyStd, but excludes none.

The default ciphers are aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc and 3des-cbc.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now