The algorithm(s) used for session encryption can be specified in the
sshd2_config
file:
Ciphers aes128-cbc,3des-cbc
The system will attempt to use the different encryption ciphers in the sequence specified on the line. Currently supported cipher names are the following:
aes128-cbc | blowfish-cbc | twofish256-cbc |
aes192-cbc | cast128-cbc | cast128-12-cbc@ssh.com |
aes256-cbc | twofish-cbc | des-cbc@ssh.com |
3des-cbc | twofish128-cbc | seed-cbc@ssh.com |
arcfour | twofish192-cbc | rijndael-cbc@ssh.com |
Special values for this option are the following:
Any
: allows all the ciphers including
none
AnyStd
: allows only the ciphers mentioned in
IETF SecSh draft and none
. The standard
ciphers are aes128-cbc
, 3des-cbc
,
twofish128-cbc
, cast128-cbc
,
twofish-cbc
, blowfish-cbc
, idea-cbc
,
aes192-cbc
, aes256-cbc
,
twofish192-cbc
, twofish256-cbc
, and
arcfour
.
none
: no encryption, connection will be in plaintext
AnyCipher
: allows any available cipher apart from the
non-encrypting cipher mode none
AnyStdCipher
: the same as AnyCipher
, but
includes only those ciphers mentioned in IETF SecSh draft
(excluding none
)
The default ciphers are aes128-cbc
, aes192-cbc
,
aes256-cbc
and 3des-cbc
.