Hi Jeff, This one time, Jeff Bonner wrote: > I've been playing around with a Woody installation, connecting to it via > SSH2, with SecureCRT 3.4 for Win32. I think I've finally figured out what > encryption types this Debian package (ssh 3.0.2p1-9) supports, but please > correct me if I'm wrong -- http://www.openssh.org/features.html lists *only* > 3DES and Blowfish: > AES-128 > AES-192 > AES-256 (isn't this Rijndael now?) > Triple DES > Blowfish > RC4 > rijndael-128cbc > rijndael-192cbc > rijndael-256cbc > rijndael-cbc@lysator.liu.se [sic] > CAST-128cbc Check the man page for what ciphers SSH2 accepts. I usually leave it on Blowfish because it's secure and it's the fastest cipher. AES sucks because it's dog slow, and it doesn't buy you that much more security than Blowfish. > Also, there's an option in SecureCRT called "MAC" which I guess refers > to the > hash: MD5, SHA1, MD5-96, and SHA1-96. Pick SHA1 or SHA1-96. MD5 has been broken (or it's close to). > Questions: > > 1) Are all those ciphers actually available in my SSH package? Yep, as long as you have OpenSSL support :) > 2) The SHA1-96 hash should be better than MD5-96, correct? Correct. > 3) Any reason you *wouldn't* want to use compression in SSH? Yes, if you're going over a high speed line, no reason to use compression. If you're connecting through a slow line (like a modem), use compression. -Anne -- .-"".__."``". Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator@cacr.caltech.edu (O/ O) \-' ` -="""=. ', Center for Advanced Computing Research ~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgpEoHmadgZ2q.pgp
Description: PGP signature