On Thu, Apr 05, 2018 at 01:51:51PM +0200, Renaud Allard wrote:
> Hello,
>
> The man page for openssh 7.7 for Ciphers specifications mentions:
>
> The default is:
> chacha20-poly1...@openssh.com,
> aes128-ctr,aes192-ctr,aes256-ctr,
> aes128-...@openssh.com,aes256-...@openssh.com,
> aes128-cbc,aes192-cbc,aes256-cbc
>
>
> However, ssh doesn't use the last line in that list:
> $ ssh -G 127.0.0.1 |grep ciphers
> ciphers
> chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
>
> The changelog doesn't mention any change in the ciphers either.
>
>
>
> Regards
>
The man ssh_config page is wrong (sshd_config is right).
-Otto
Index: ssh_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.268
diff -u -p -r1.268 ssh_config.5
--- ssh_config.5 23 Feb 2018 07:38:09 -0000 1.268
+++ ssh_config.5 5 Apr 2018 12:08:36 -0000
@@ -425,8 +425,7 @@ The default is:
.Bd -literal -offset indent
chacha20-poly1...@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-...@openssh.com,aes256-...@openssh.com,
-aes128-cbc,aes192-cbc,aes256-cbc
+aes128-...@openssh.com,aes256-...@openssh.com
.Ed
.Pp
The list of available ciphers may also be obtained using
