Configuring Ciphers and MACs

For best performance, prune the cipher and MAC algorithms in the server configuration file to only those that are supported by the cryptographic hardware. If a client suggests an algorithm that is not supported by the cryptographic hardware, software cryptography will be used.

Example: Ciphers and MACs in the server configuration file sshd2_config

Ciphers           aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
MACs              hmac-sha1,hmac-sha1-96

The example sshd2_config configuration file lists the algorithms that are used by default. For a list of all the supported algorithms, see the Administrator Manual.