SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server (M) >>
    Using SSH Tectia Server (M) >>
    Troubleshooting SSH Tectia Server (M) >>
    Configuration >>
        Configuration Files >>
        Subconfigurations >>
        Ciphers and MACs
        Compression
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Auditing >>
        Securing SSH Tectia Client and Server >>
    Authentication >>
    Application Tunneling >>
    Sample Files >>
    Man Pages
    Log Messages >>

Ciphers and MACs

The algorithm(s) used for symmetric session encryption can be chosen in the sshd2_config and ssh2_config files:
Ciphers             aes128

The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • arcfour
  • blowfish-cbc
  • cast128-cbc
  • twofish-cbc
  • twofish128-cbc
  • twofish192-cbc
  • twofish256-cbc
  • cast128-12-cbc@ssh.com
  • des-cbc@ssh.com
  • seed-cbc@ssh.com
  • rijndael-cbc@ssh.com

In the FIPS mode, the following ciphers are supported:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • des-cbc@ssh.com

Special values for this option are the following:

  • Any: allows all the cipher values including none
  • AnyStd: allows only standard ciphers and none
  • none: forbids any use of encryption
  • AnyCipher: allows any available cipher apart from the non-encrypting cipher mode none
  • AnyStdCipher: the same as AnyCipher, but includes only those ciphers mentioned in IETF-SecSh-draft (excluding none). This is the default value.

The MAC (Message Authentication Code) algorithm(s) used for data integrity verification can be selected in the sshd2_config and ssh2_config files:

MACs                hmac-sha1,hmac-md5

The system will attempt to use the different HMAC algorithms in the sequence they are specified on the line. Supported MAC names are the following:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha256@ssh.com
  • hmac-sha256-96@ssh.com

In the FIPS mode, only hmac-sha1 is supported.

Special values for this option are the following:

  • Any: allows all the MAC values including none
  • AnyStd: allows only standard MACs and none
  • none: forbids any use of MACs
  • AnyMac: allows any available MAC apart from none
  • AnyStdMac: the same as AnyMac, but includes only those MACs mentioned in IETF-SecSh-draft (excluding none). This is the default value.

Both cipher and MAC can also be defined using command-line arguments with ssh2 and scp2:

$ scp2 -c twofish -m hmac-md5 foobar user@remote:./tmp  

Note: Algorithm names are case-sensitive.

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2005 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice