Date: Sat, 02 Mar 2013 17:02:10 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Mike Tancsa <mike@sentex.net> Cc: stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: Re: svn commit: r247485 - in stable/9: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd Message-ID: <86r4jxrdrx.fsf@ds4.des.no> In-Reply-To: <51316CA3.8000301@sentex.net> (Mike Tancsa's message of "Fri, 01 Mar 2013 22:06:11 -0500") References: <201302281843.r1SIhoaq004371@svn.freebsd.org> <5130D8E0.3020605@sentex.net> <5130E9F1.6050308@sentex.net> <867glqsy4q.fsf@ds4.des.no> <513108C4.10501@sentex.net> <8638wesvu1.fsf@ds4.des.no> <51316CA3.8000301@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa <mike@sentex.net> writes: > The pcaps and basic wireshark output at > > http://tancsa.com/openssh/ This is 6.1 with aesni vs 6.1 without aesni; what I wanted was 6.1 vs 5.8, both with aesni loaded. Could you also ktrace the server in both cases? An easy workaround is to change the list of ciphers the server will offer to clients by adding a "Ciphers" line in /etc/ssh/sshd_config. The default is: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3= des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour Either remove the AES entries or move them further down the list. The client will normally pick the first supported cipher. As far as I can tell, SecureCRT supports all the same ciphers that OpenSSH does, so just moving arcfour{256,128} to the front of the list should work. (AFAIK, arcfour is also much faster than aes) DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r4jxrdrx.fsf>