
Encryption Tab (Secure Shell Settings)


Use the Encryption tab of the Reflection Secure Shell Settings dialog box to specify what ciphers the Secure Shell connection should use. Different options are available depending on which Secure Shell protocol is used for the connection.

The options are:

SSH protocol 1

 

Cipher

Use this setting to select the cipher you want used for protocol 1 connections to the current host. The default is Triple DES and this option is recommended.

SSH protocol 2

 

Cipher List

Use this list to specify the ciphers you want to allow for protocol 2 connections to the current host. When more than one cipher is selected, the Secure Shell client attempts to use ciphers in the order you specify, starting from the top. To change the order, select a cipher from the list, then click the up or down arrow. The server configuration determines which cipher is used.

 

HMAC List

Specifies the HMAC (hashed message authentication code) methods you want to allow. This hash is used to verify the integrity of all data packets exchanged with the server. When more than one HMAC is selected, the Secure Shell client attempts to negotiate an HMAC with the server in the order you specify, starting from the top. To change the order, select an HMAC from the list, then click the up or down arrow.

SHA-1 is a 160-bit hash specified in the FIPS-186 publication.

MD5 is a 128-bit hash specified in RFC 1321.

 

Key Exchange Algorithms

Specifies which key exchange algorithms the client supports, and the order of preference. The supported values are:

  • DH Group1 SHA1 - Specifies diffie-hellman-group1-sha1
  • DH Group Ex SHA1 - Specifies diffie-hellman-group-exchange-sha1

    Two additional encryption algorithms (gss-group1-sha1-*) are supported, but do not appear in the list of available key exchange algorithms. These two algorithms are automatically proposed by the client when you enable GSSAPI/Kerberos from the General tab (under User Authentication), and you also select Reflection Kerberos from the GSSAPI tab.
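
The ordered-list behavior described for the Cipher List, HMAC List and Key Exchange Algorithms settings, as an added example (not Reflection code): a simplified Python model of the SSH protocol 2 selection rule in RFC 4253 section 7.1. The cipher and MAC names and both sample lists are constructed assumptions; only the two key exchange names come from this page.

```python
"""SSH-2 algorithm selection (RFC 4253, section 7.1), simplified.

All algorithm lists below are constructed sample values, not Reflection
defaults and not taken from any real server.
"""

class NoCommonAlgorithm(Exception):
    """No entry of the client's list is offered by the server."""

def negotiate(category, client_prefs, server_offers):
    """Pick the first name in the client's ordered list that the server offers.

    The client's order decides preference; the server's list decides what
    is eligible at all. With no overlap, both sides must disconnect.
    """
    offered = set(server_offers)
    for name in client_prefs:
        if name in offered:
            return name
    raise NoCommonAlgorithm(f"{category}: no algorithm in common")

def negotiate_all(client, server):
    """Negotiate every category; the RFC's extra KEX host-key conditions are ignored."""
    return {cat: negotiate(cat, prefs, server[cat]) for cat, prefs in client.items()}

# Constructed client selections; top of each list = first preference.
CLIENT = {
    "cipher": ["aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
    "kex": ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"],
}
# Constructed server configuration (its own ordering does not change the result).
SERVER = {
    "cipher": ["3des-cbc", "aes128-cbc"],
    "mac": ["hmac-md5", "hmac-sha1"],
    "kex": ["diffie-hellman-group1-sha1"],
}

if __name__ == "__main__":
    print(negotiate_all(CLIENT, SERVER))
    # An algorithm left selected lower in the list can still be chosen;
    # deselecting it rules it out, at the cost of failing against this server.
    strict = dict(CLIENT, kex=["diffie-hellman-group-exchange-sha1"])
    try:
        negotiate_all(strict, SERVER)
    except NoCommonAlgorithm as exc:
        print("connection would fail:", exc)
```
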

 

Signature types

Specifies the hash algorithm the client uses in the process of proving possession of the private key. This hash is used during public key user authentication. Use RSA to specify the hash used with RSA keys and DSA to specify the hash used with DSA keys.

 

Run in FIPS Mode

When Run in FIPS mode is selected, Reflection enforces the United States government Federal Information Processing Standard (FIPS) 140-2 for this connection. Options on the Encryption tab that do not meet this standard are not available when Run in FIPS mode is selected.

Notes

  • The settings you configure in this dialog box are saved to the Secure Shell configuration file. You can also configure Secure Shell settings by editing this file manually in any text editor.
  • Within the configuration file, these settings are saved for the currently specified SSH configuration scheme.