RE: SSH2 Encryption
On Mon 10 Jun 2002 13:24, Mark Janssen wrote:
> Run the ssh daemon with debugging on (2 levels or more) and check the
> output:
>
> sshd -d -d -d -p <someport>
> ssh -v -p <someport> 127.0.0.1
>
> Look at all the pretty output...
> <snipped>
Yeah, after I wrote that message, I tried to connect with a cipher
that SSH *doesn't* support (namely Twofish), and I got something
similar in my /var/log/messages:
Jun 10 12:52:38 firegate sshd[2741]: fatal: no matching cipher found:
client twofish-cbc server aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
rijndael256-cbc,rijndael-cbc@lysator.liu.se
> > 2) The SHA1-96 hash should be better than MD5-96, correct?
>
> I'll make no statements about that...
Hmm... everything I've read so far suggests SHA1(-96) is more secure
Than MD5(-96) but if there's something I am missing, clue me in. :)
Most of those dox were PGP-related, although I suppose that doesn't
matter much, same principle.
> > 3) Any reason you *wouldn't* want to use compression in SSH?
>
> If you are using it over fast networks or slow systems... as
> opposed to using it over modems and fast systems... It all depends
> on your requirements.
Well, this is a fast (10Mbps) LAN connection on a fairly slow (486
66MHz) system.
> Also, if using ssh for file-transfer or allready compressed files,
> compressing them again will only cost cpu cycles...
Ahh, yes... OK. I forgot all about pre-compressed files, so that
makes sense now.
Thanks,
Jeff Bonner
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: