cipher specifications in ssh_config and sshd_config

azazel_at_azazel.us
Date: 09/27/03


Date: Sat, 27 Sep 2003 02:53:56 -0700

I'm trying to modify the default cipher used without using -c at the
command line each time. I am able to get successful operation using
blowfish encryption by adding the line

Ciphers blowfish-cbc

to /etc/ssh/ssh_config.

When I ssh -v to another server I get confirmation that blowfish-cbc
is being used in both directions.

However, the man page for ssh says that you can supply a comma
delimited listing of preferred ciphers in order of preference, which I
try to do by modifying the above line in ssh_config to the following

Cipher blowfish-cbc,3des-cbc

and then when I try to ssh, I get this.

 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
/etc/ssh/ssh_config line 34: Bad cipher '"blowfish-cbc,3des-cbc"'.

The same thing happens when I remove the -cbc from both cipher names.
I've tried formatting this a whole bunch of different ways. Adding a
space between the comma and the 2nd cipher, no comma with a space,
wrapping the whole thing in double quotes. Nothing works.

Is this functionality just broken? I can't get it to work on my
FreeBSD machine running 3.5p1, nor on a Red Hat machine running 3.7.1p1.

The same error occurs when I try forcing the server to only accept a
certain set of ciphers in order of blowfish,3des. The daemon won't
start, saying there is an error in /etc/ssh/sshd_config.

Ideas?
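
Added example, not part of the original post: the working line above uses the keyword Ciphers and the failing line uses Cipher; in the OpenSSH 3.x ssh_config(5), Cipher selects one protocol 1 cipher (blowfish, 3des or des) and Ciphers takes the comma-separated protocol 2 preference list. The Python check below flags both mix-ups; the function name, messages and sample config are constructed for illustration.

```python
import re

# Protocol 1 cipher names accepted by the singular "Cipher" option in the
# OpenSSH 3.x ssh_config(5); protocol 2 names carry a mode suffix (3des-cbc).
PROTO1_NAMES = {"blowfish", "3des", "des"}

# ssh_config lines are "Keyword value" or "Keyword=value"; keywords are
# case-insensitive.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+?)\s*$")


def lint_cipher_directives(config_text):
    """Return a list of (line_number, message) findings for cipher options."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        match = LINE_RE.match(raw)
        if not match:
            continue
        keyword = match.group(1).lower()
        value = match.group(2).strip('"')
        # Split on commas and whitespace so every attempted list form counts.
        names = [n for n in re.split(r"[,\s]+", value) if n]
        if keyword == "cipher" and len(names) > 1:
            findings.append((number,
                "Cipher (protocol 1) takes a single name; put a preference "
                "list in Ciphers (protocol 2)"))
        elif keyword == "ciphers":
            short = [n for n in names if n.lower() in PROTO1_NAMES]
            if short:
                findings.append((number,
                    "protocol 1 name(s) in Ciphers list: " + ",".join(short)))
    return findings


# Constructed sample built from the lines quoted in the post.
SAMPLE = """\
# /etc/ssh/ssh_config (constructed)
Host *
Ciphers blowfish-cbc
Cipher "blowfish-cbc,3des-cbc"
ciphers = blowfish,3des-cbc
"""

if __name__ == "__main__":
    for number, message in lint_cipher_directives(SAMPLE):
        print(f"line {number}: {message}")
```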


