Hi Jeff, This one time, Jeff Bonner wrote: > I've been playing around with a Woody installation, connecting to it via > SSH2, with SecureCRT 3.4 for Win32. I think I've finally figured out what > encryption types this Debian package (ssh 3.0.2p1-9) supports, but please > correct me if I'm wrong -- http://www.openssh.org/features.html lists *only* > 3DES and Blowfish: > AES-128 > AES-192 > AES-256 (isn't this Rijndael now?) > Triple DES > Blowfish > RC4 > rijndael-128cbc > rijndael-192cbc > rijndael-256cbc > [EMAIL PROTECTED] [sic] > CAST-128cbc
Check the man page for what ciphers SSH2 accepts. I usually leave it on
Blowfish because it's secure and it's the fastest cipher. AES sucks
because it's dog slow, and it doesn't buy you that much more security
than Blowfish.
> Also, there's an option in SecureCRT called "MAC" which I guess refers
> to the
> hash: MD5, SHA1, MD5-96, and SHA1-96.
Pick SHA1 or SHA1-96. MD5 has been broken (or it's close to).
> Questions:
>
> 1) Are all those ciphers actually available in my SSH package?
Yep, as long as you have OpenSSL support :)
> 2) The SHA1-96 hash should be better than MD5-96, correct?
Correct.
> 3) Any reason you *wouldn't* want to use compression in SSH?
Yes, if you're going over a high speed line, no reason to use
compression. If you're connecting through a slow line (like a
modem), use compression.
-Anne
--
.-"".__."``". Anne Carasik, System Administrator
.-.--. _...' (/) (/) ``' [EMAIL PROTECTED]
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pgpddVAxohnvS.pgp
Description: PGP signature
