Hi Jeff,
This one time, Jeff Bonner wrote:
> I've been playing around with a Woody installation, connecting to it via
> SSH2, with SecureCRT 3.4 for Win32. I think I've finally figured out what
> encryption types this Debian package (ssh 3.0.2p1-9) supports, but please
> correct me if I'm wrong -- http://www.openssh.org/features.html lists *only*
> 3DES and Blowfish:
> AES-128
> AES-192
> AES-256 (isn't this Rijndael now?)
> Triple DES
> Blowfish
> RC4
> rijndael-128cbc
> rijndael-192cbc
> rijndael-256cbc
> rijndael-cbc@lysator.liu.se [sic]
> CAST-128cbc
Check the man page for what ciphers SSH2 accepts. I usually leave it on
Blowfish because it's secure and it's the fastest cipher. AES sucks
because it's dog slow, and it doesn't buy you that much more security
than Blowfish.
> Also, there's an option in SecureCRT called "MAC" which I guess refers
> to the hash: MD5, SHA1, MD5-96, and SHA1-96.
Pick SHA1 or SHA1-96. MD5 has been broken (or it's close to).
> Questions:
>
> 1) Are all those ciphers actually available in my SSH package?
Yep, as long as you have OpenSSL support :)
> 2) The SHA1-96 hash should be better than MD5-96, correct?
Correct.
> 3) Any reason you *wouldn't* want to use compression in SSH?
Yes, if you're going over a high speed line, no reason to use
compression. If you're connecting through a slow line (like a
modem), use compression.
-Anne
--
Anne Carasik, System Administrator
gator@cacr.caltech.edu
Center for Advanced Computing Research