Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
SUSE / openSUSE This Forum is for the discussion of Suse Linux.


  Search this Thread
Old 06-06-2007, 01:32 AM   #1
Registered: Aug 2005
Posts: 40

Rep: Reputation: 15
Change the default hashing algorithm used in SSH

I am using SLES 10. I want to stick to a specific hashing algorithm. How to see the default Hashing algorithm and how can i configure to use my hashing algorithm? I want these changes to be made permenent. I hope only LQ can help me rather than google Because, i already searched Google but in vain.
Old 06-06-2007, 02:46 AM   #2
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
from the sshd man page
"The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols
are supported by default, though this can be changed via the Protocol op-
tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro-
tocol 1 only supports RSA keys. For both protocols, each host has a
host-specific key, normally 2048 bits, used to identify the host.

Forward security for protocol 1 is provided through an additional server
key, normally 768 bits, generated when the server starts. This key is
normally regenerated every hour if it has been used, and is never stored
on disk. Whenever a client connects, the daemon responds with its public
host and server keys. The client compares the RSA host key against its
own database to verify that it has not changed. The client then gener-
ates a 256-bit random number. It encrypts this random number using both
the host key and the server key, and sends the encrypted number to the
server. Both sides then use this random number as a session key which is
used to encrypt all further communications in the session. The rest of
the session is encrypted using a conventional cipher, currently Blowfish
or 3DES, with 3DES being used by default. The client selects the encryp-
tion algorithm to use from those offered by the server.

For protocol 2, forward security is provided through a Diffie-Hellman key
agreement. This key agreement results in a shared session key. The rest
of the session is encrypted using a symmetric cipher, currently 128-bit
AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
client selects the encryption algorithm to use from those offered by the
Additionally, session integrity is provided through a crypto-
graphic message authentication code (hmac-sha1 or hmac-md5)."

I hope this answers your question.

it is in the sshd_config file for the hostkeys

Last edited by slimm609; 06-06-2007 at 02:47 AM.
Old 06-06-2007, 04:58 AM   #3
Registered: Aug 2005
Posts: 40

Original Poster
Rep: Reputation: 15
Thank you. I was searching for the MACs already defined in the /sshd_config file. But i failed to notice the field in man page. Thanks a lot.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
cannot change ssh default port winkydo Fedora 5 04-22-2007 05:36 PM
token bucket algorithm vs Leaky bucket algorithm xeon123 Linux - Networking 2 03-26-2007 05:57 AM
linux password hashing indienick Programming 5 05-18-2006 03:12 PM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 08:48 AM
FC2: SSH Default? proudclod Fedora 6 05-28-2004 12:24 PM > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 03:52 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration