svn commit: r247485 - in stable/9: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd

Dag-Erling Smørgrav des at des.no
Sat Mar 2 16:02:11 UTC 2013


Mike Tancsa <mike at sentex.net> writes:
> The pcaps and basic Wireshark output at
>
> http://tancsa.com/openssh/

This is 6.1 with aesni vs 6.1 without aesni; what I wanted was 6.1 vs
5.8, both with aesni loaded.

Could you also ktrace the server in both cases?

An easy workaround is to change the list of ciphers the server will
offer to clients by adding a "Ciphers" line in /etc/ssh/sshd_config.
The default is:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour

Either remove the AES entries or move them further down the list.  The
client will normally pick the first supported cipher.  As far as I can
tell, SecureCRT supports all the same ciphers that OpenSSH does, so just
moving arcfour{256,128} to the front of the list should work.

(AFAIK, arcfour is also much faster than aes)

DES
-- 
Dag-Erling Smørgrav - des at des.no
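
The reordering described in the message above, as an added example that is not part of the original e-mail or of OpenSSH. The function names prefer_ciphers and current_ciphers are hypothetical, the default list is the one quoted in the message, and a whitespace-separated "Ciphers <list>" line is assumed.

```shell
#!/bin/sh
# Added example: move selected ciphers to the front of an sshd_config
# "Ciphers" list without enabling anything that was not already listed.

# Default list as quoted in the message above.
DEFAULT_CIPHERS='aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour'

# prefer_ciphers PREFERRED [LIST]   (hypothetical helper)
# Print LIST with the comma-separated PREFERRED entries moved to the front.
# Entries of PREFERRED that are absent from LIST are dropped, duplicates are
# collapsed, and the remaining entries keep their relative order.
prefer_ciphers() {
    awk -v pref="$1" -v list="${2:-$DEFAULT_CIPHERS}" 'BEGIN {
        n = split(list, have, ",")
        m = split(pref, want, ",")
        for (i = 1; i <= n; i++) present[have[i]] = 1
        out = ""
        for (j = 1; j <= m; j++)
            if (present[want[j]] && !moved[want[j]]) {
                out = out (out == "" ? "" : ",") want[j]
                moved[want[j]] = 1
            }
        for (i = 1; i <= n; i++)
            if (!moved[have[i]]) {
                out = out (out == "" ? "" : ",") have[i]
                moved[have[i]] = 1
            }
        print out
    }'
}

# current_ciphers FILE   (hypothetical helper)
# Print the list from the first uncommented Ciphers line in FILE (sshd uses
# the first value it obtains for a keyword), or the default if there is none.
current_ciphers() {
    awk -v def="$DEFAULT_CIPHERS" '
        tolower($1) == "ciphers" { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Print the line to place in sshd_config, starting from the default list.
printf 'Ciphers %s\n' "$(prefer_ciphers arcfour256,arcfour128)"
```

After editing /etc/ssh/sshd_config, `sshd -t` checks the file for errors before the daemon is restarted.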

