The Debian/OpenSSH6 man page shows the following:

Ciphers Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be
comma-separated. The supported ciphers are “3des-cbc”, “aes128-cbc”, “aes192-cbc”,
“aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”,
“arcfour”, “blowfish-cbc”, and “cast128-cbc”. The default is:

    aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,

TODO: which of those should be used?

MACs Specifies the available MAC (message authentication code) algorithms. The MAC
algorithm is used in protocol version 2 for data integrity protection. Multiple
algorithms must be comma-separated. The default is:

    hmac-md5,hmac-sha1,umac-64@openssh.com,
    hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
    hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,

TODO: which of those should be used?

Regarding compression: the default for compression is "delayed", which means that compression
will only kick in after successful authentication (possibilities: yes, no, delayed).

TODO: does this put users at risk? Shall compression be disabled altogether?
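
To help work through the three TODOs above, the following added example (not part of the man page or of these notes) reads the global Ciphers, MACs and Compression directives from an sshd_config and tags each configured algorithm with the family its name indicates. The sample configuration is constructed, and the family grouping and function names are this example's assumptions; `None` means the directive is absent, so the build's default list applies.

```python
import re

# Constructed sample sshd_config; algorithm names come from the man page text above.
SAMPLE_CONFIG = """\
Ciphers aes256-ctr,aes128-cbc,arcfour256
macs = hmac-sha2-512,hmac-md5-96,umac-64@openssh.com
Ciphers 3des-cbc
Match User backup
"""

# Families readable from the name itself; grouping by them is this example's assumption.
FAMILIES = [
    ("cbc-mode", re.compile(r"-cbc$")),
    ("rc4-stream", re.compile(r"^arcfour")),
    ("md5-based", re.compile(r"^hmac-md5")),
    ("truncated-96bit", re.compile(r"-96(@|$)")),
]

def parse_global(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":            # these directives are not valid in Match blocks
            break
        seen.setdefault(key, value)   # sshd keeps the first value it reads
    return seen

def audit(text):
    """Map each configured Ciphers/MACs name to the families it belongs to."""
    conf = parse_global(text)
    report = {}
    for key in ("ciphers", "macs"):
        if key not in conf:
            report[key] = None        # directive absent: build default applies
            continue
        names = [n.strip() for n in conf[key].split(",") if n.strip()]
        report[key] = {n: [f for f, rx in FAMILIES if rx.search(n)] for n in names}
    # The page gives "delayed" as the Compression default.
    report["compression"] = conf.get("compression", "delayed")
    return report

print(audit(SAMPLE_CONFIG))
```

The second `Ciphers` line in the sample is ignored, which is worth checking for when a hardened line has been appended below an older one.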