[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH2 Encryption



Hi Jeff,

This one time, Jeff Bonner wrote:
> I've been playing around with a Woody installation, connecting to it via
> SSH2, with SecureCRT 3.4 for Win32.  I think I've finally figured out what
> encryption types this Debian package (ssh 3.0.2p1-9) supports, but please 
> correct me if I'm wrong -- http://www.openssh.org/features.html lists *only* 
> 3DES and Blowfish:
> 	AES-128
> 	AES-192
> 	AES-256 (isn't this Rijndael now?)
> 	Triple DES
> 	Blowfish
> 	RC4
> 	rijndael-128cbc
> 	rijndael-192cbc
> 	rijndael-256cbc
> 	rijndael-cbc@lysator.liu.se [sic]
> 	CAST-128cbc

Check the man page for what ciphers SSH2 accepts. I usually leave it on
Blowfish because it's secure and it's the fastest cipher. AES sucks
because it's dog slow, and it doesn't buy you that much more security
than Blowfish.

> Also, there's an option in SecureCRT called "MAC" which I guess refers
> to the
> hash:  MD5, SHA1, MD5-96, and SHA1-96.

Pick SHA1 or SHA1-96. MD5 has been broken (or it's close to).

> Questions:
> 
> 1) Are all those ciphers actually available in my SSH package?

Yep, as long as you have OpenSSL support :)

> 2) The SHA1-96 hash should be better than MD5-96, correct?

Correct.

> 3) Any reason you *wouldn't* want to use compression in SSH?

Yes, if you're going over a high speed line, no reason to use
compression. If you're connecting through a slow line (like a
modem), use compression.

-Anne
-- 

              .-"".__."``".   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator@cacr.caltech.edu 
(O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research    
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attachment: pgpZJH1Bom6QK.pgp
Description: PGP signature


Reply to: