On 11/26/2016 01:28 PM, Gene Heskett wrote: > On Saturday 26 November 2016 08:32:22 Mark wrote: > >> On 11/26/2016 05:30 AM, Gene Heskett wrote: >>> Anyway, the point of this is, are you familiar enough to know the >>> fastest of this bunch: >>> gene@raspberrypi:~ $ ssh -Q cipher >>> 3des-cbc >>> blowfish-cbc >>> cast128-cbc >>> arcfour >>> arcfour128 >>> arcfour256 >>> aes128-cbc >>> aes192-cbc >>> aes256-cbc >>> rijndael-...@lysator.liu.se >>> aes128-ctr >>> aes192-ctr >>> aes256-ctr >>> aes128-...@openssh.com >>> aes256-...@openssh.com >>> chacha20-poly1...@openssh.com >>> >>> And is there a way to query the link, that actually returns the >>> cipher in use? That is so NOT in the man pages. >>> >>> I hope you are feeling better now. >>> >>> Cheers, Gene Heskett >> Gene, >> >> sshd is the one that actually controls which ciphers are in use. ssh >> selects which one it wants from from the laundry list sshd usually >> provides, unless you limit the choices. You can limit the choices >> either through the /etc/ssh_config, or the /etc/sshd_config. Do a >> "man sshd_config" or "man ssh_config". >> >> Look for "ciphers." >> >> Mark > None of the default installed /etc/ssh/sshd_config files even have the > word Cipher in them. I've gone around the local network and added it, > > Cipher chacha20-poly1...@openssh.com > > but have not restarted /etc/init.d/ssh on any of the machines yet. > > I have been haunting the odroid forum, with my question just now posted > being about establishing a hard wired link that is raw data, possibly > over the usb ports. I don't think its possible, and have the > keyboard/mouse plugged into the same hub, and only one hub per board. > > We'll see what falls out of that question over the weekend. The > odroid-c2's spi is over gpio, and slow, but thats one possibility, The > way I read the spi data that I have, damned sparse, it looks as if it > can service two channels as it has two cs lines. But can they multiplex > at two differing clock rates as the odroids is software slow, about 380 > Kbs. The raspi's SPI is hardware I think, and supposedly up to 20 Mbs. > > This here dirt doesn't have an awful lot of footprints on it, yet. :) > > Thanks Mark. > > Cheers, Gene Heskett
Yeah, they don't normally limit the amount of ciphers available to the sshd server, leaving it more or less up to the ssh connection inbound to set up which cipher it wants to use. That's why you don't see "cipher" lines in the sshd_config, since it limits the server to only those ciphers you have listed in there, unless you add a "+" to the cipher line and then it appends that to the existing list being used. Going into "man sshd_config" explains it a lot more fully. You do have to restart sshd for the changes to take effect. Mark ------------------------------------------------------------------------------ _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
