OpenSSH default/preferred ciphers, hash, etc for SSH2

  • When using OpenSSH server (sshd) and client (ssh), what are all of the default / program preferred ciphers, hash, etc. (security related) and their default options (such as key length)?

    So, what are the defaults for symmetric key, MAC, key exchange, etc.

    Isn't this covered in the documentation for OpenSSH? "Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'', ''aes192-cbc'', ''aes256-cbc'', ''aes128-ctr'', ''aes192-ctr'', ''aes256-ctr'', ''arcfour128'', ''arcfour256'', ''arcfour'', ''blowfish-cbc'', and ''cast128-cbc''." (from sshd_config)

    I'm looking for the default (i.e. what gets chosen) for each category of security-related items, not all of the possible choices for each category. See my comment to schroeder's answer below.

    Updated title - requesting info for SSH v2 only.

  • The default algorithms (that is, the algorithms which the client and server prefer to use when given the choice) depend on the client and server implementations, how they were compiled and configured. So it may depend on the software vendor, software version, operating system distribution, and sysadmin choices.

    On Ubuntu 12.10, man ssh_config indicates that the default order for encryption is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour
    

    while the default order for MAC (integrity) is:

                hmac-md5,hmac-sha1,umac-64@openssh.com,
                hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
                hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
                hmac-sha2-512-96
    

    The key exchange algorithm would follow this order of preference:

                ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                diffie-hellman-group-exchange-sha256,
                diffie-hellman-group-exchange-sha1,
                diffie-hellman-group14-sha1,
                diffie-hellman-group1-sha1
    

    Of course, preferences are subject to negotiation. An algorithm will be selected only if both the client and server support it (in particular, ECDH key exchange support is rather recent), and both client and server have their say in it (if they do not have the exact same preferences).

    A survey is theoretically doable: connect to a random IP address and, if an SSH server responds, work out its preferred list of ciphers and MACs (by connecting multiple times, restricting the list of choices announced by the client). OpenSSH makes usage surveys but they are not as thorough (they just want the server "banner").

    I couldn't resist and did a little benchmark of all the known ciphers. But as always: "Lies, Damned Lies and Benchmarks" applies :-)
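The negotiation the answer describes, as an added example that is not part of the original thread: RFC 4253 section 7.1 picks, per category, the first name on the client's list that the server also offers, so the server's own ordering does not decide the result. The client lists are the Ubuntu 12.10 defaults quoted above; both server configurations are constructed, and the extra host-key conditions the RFC places on key exchange are left out.

```python
# Client side: default preference order from the Ubuntu 12.10 ssh_config man page.
CLIENT = {
    "cipher": "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,"
              "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,"
              "aes256-cbc,arcfour",
    "mac": "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,"
           "hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-256-96,"
           "hmac-sha2-512,hmac-sha2-512-96",
    "kex": "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
           "diffie-hellman-group-exchange-sha256,"
           "diffie-hellman-group-exchange-sha1,"
           "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
}

# Constructed server: older build without ECDH, CTR ciphers or SHA-2 MACs.
OLD_SERVER = {
    "cipher": "aes256-cbc,aes128-cbc,3des-cbc",
    "mac": "hmac-sha1,hmac-md5",
    "kex": "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
}

# Constructed server: administrator restricted each list, strongest first.
HARDENED_SERVER = {
    "cipher": "aes256-ctr,aes192-ctr,aes128-ctr",
    "mac": "hmac-sha2-512,hmac-sha2-256",
    "kex": "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256",
}

def parse_list(value):
    """Split a comma-separated name-list (ssh_config / KEXINIT style)."""
    return [name.strip() for name in value.split(",") if name.strip()]

def negotiate(client, server):
    """First name on the client's list that the server offers, else None."""
    offered = set(server)
    return next((name for name in client if name in offered), None)

def negotiate_all(client_cfg, server_cfg):
    """Negotiate every category; a None value means the connection fails."""
    return {cat: negotiate(parse_list(client_cfg[cat]),
                           parse_list(server_cfg[cat]))
            for cat in client_cfg}

if __name__ == "__main__":
    for label, server in (("old", OLD_SERVER), ("hardened", HARDENED_SERVER)):
        print(label, negotiate_all(CLIENT, server))
```

Against the hardened server the session still ends up on aes128-ctr and hmac-sha2-256, the server's last choices, because the client's order wins; to change the outcome, a server administrator has to remove algorithms from the list, not reorder it.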

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM