Ciphers and MACs
The algorithm(s) used for symmetric session encryption
can be chosen in the sshd2_configssh2_config
The system will attempt to use the different encryption ciphers
in the sequence specified on the line. Currently
supported cipher names are the following:
-
3des-cbc
-
aes128-cbc
-
aes192-cbc
-
aes256-cbc
-
arcfour
-
blowfish-cbc
-
cast128-cbc
-
twofish-cbc
-
twofish128-cbc
-
twofish192-cbc
-
twofish256-cbc
-
cast128-12-cbc@ssh.com
-
des-cbc@ssh.com
-
seed-cbc@ssh.com
-
rijndael-cbc@ssh.com
In the FIPS mode, the following ciphers are supported:
-
3des-cbc
-
aes128-cbc
-
aes192-cbc
-
aes256-cbc
-
des-cbc@ssh.com
Special values for this option are the following:
-
Any: allows all the cipher values including none
-
AnyStd: allows only standard ciphers and none
-
none: forbids any use of encryption
-
AnyCiphernone
-
AnyStdCipherAnyCipher, but includes only those ciphers mentioned
in IETF-SecSh-draft (excluding
none). This is the default value.
The MAC (Message Authentication Code) algorithm(s) used for data
integrity verification can be selected in the
sshd2_configssh2_config
The system will attempt to use the different HMAC algorithms in
the sequence they are specified on the line. Supported MAC
names are the following:
-
hmac-md5
-
hmac-md5-96
-
hmac-sha1
-
hmac-sha1-96
-
hmac-sha256@ssh.com
-
hmac-sha256-96@ssh.com
In the FIPS mode, only hmac-sha1 is supported.
Special values for this option are the following:
-
Any: allows all the MAC values including none
-
AnyStd: allows only standard MACs and none
-
none: forbids any use of MACs
-
AnyMacnone
-
AnyStdMacAnyMac, but includes
only those MACs mentioned in IETF-SecSh-draft (excluding
none). This is the default value.
Both cipher and MAC can also be defined using command-line arguments with
ssh2scp2
$ scp2 -c twofish -m hmac-md5 foobar user@remote:./tmp
Note: Algorithm names are case-sensitive.
