On Mon, 2002-06-10 at 19:13, Jeff Bonner wrote: > Questions: > > 1) Are all those ciphers actually available in my SSH package? Run the ssh daemon with debugging on (2 levels or more) and check the output: sshd -d -d -d -p <someport> ssh -v -p <someport> 127.0.0.1 Look at all the pretty output... <snipped> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 <snipped> > 2) The SHA1-96 hash should be better than MD5-96, correct? I'll make no statements about that... > 3) Any reason you *wouldn't* want to use compression in SSH? If you are using it over fast networks or slow systems... as opposed to using it over modems and fast systems... It all depends on your requirements. Also, if using ssh for file-transfer or allready compressed files, compressing them again will only cost cpu cycles...
Attachment:
signature.asc
Description: This is a digitally signed message part