OpenSSH default/preferred ciphers, hash, etc for SSH2
When using OpenSSH server (
sshd) and client (
ssh), what are all of the default / program preferred ciphers, hash, etc. (security related) and their default options (such as key length)?
So, what are the defaults for symmetric key, MAC, key exchange, etc.
Isn't this covered in the documentation for OpenSSH? "Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'', ''aes192-cbc'', ''aes256-cbc'', ''aes128-ctr'', ''aes192-ctr'', ''aes256-ctr'', ''arcfour128'', ''arcfour256'', ''arcfour'', ''blowfish-cbc'', and ''cast128-cbc''. " (from sshd_config)
I'm looking for the default (i.e. what gets choosen) for each category of security-related items. not all of the possible choices for each category. See my comment to schroeder's answer below.
The default algorithms (that is, the algorithms which the client and server prefer to use when given the choice) depend on the client and server implementations, how they were compiled and configured. So it may depend on the software vendor, software version, operating system distribution, and sysadmin choices.
On an Ubuntu 12.10,
man ssh_configindicates that the default order for encryption is:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour
while the default order for MAC (integrity) is:
hmac-md5,hmac-sha1,[email protected], hmac-ripemd160,hmac-sha1-96,hmac-md5-96, hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512, hmac-sha2-512-96
The key exchange algorithm would follow this order of preference:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Of course, preferences are subject to negotiation. An algorithm will be selected only if both the client and server support it (in particular, ECDH key exchange support is rather recent), and both client and server have their say in it (if they do not have the exact same preferences).
A survey is theoretically doable: connect to random IP address, and, if a SSH server responds, work out its preferred list of ciphers and MAC (by connecting multiple times, restricting the list of choices announced by the client). OpenSSH makes usage surveys but they are not as thorough (they just want the server "banner").