Ssh Ciphers; Ssh Mac Algorithms; Ssh Compression - Nortel Secure 4134 Configuration

76 SSH2 fundamentals

SSH ciphers

Ciphers are methods for encrypting and decrypting data. There are two
classes of key-based encryption algorithms, symmetric (or secret-key) and
asymmetric (or public-key) algorithms. While symmetric algorithms use the
same key for encryption and decryption, the asymmetric algorithms use
different keys for encryption and decryption (a private and public key pair).
Here the decryption key cannot be derived from the encryption key. The list
of symmetric algorithms supported for SR4134 are as follows:
Table 6
SSH ciphers
Name
3des-cbc
blowfish-cbc
aes128-cbc
aes192-cbc
aes256-cbc

SSH MAC algorithms

The Message Authentication Code algorithms are usually hash functions
which compress the bits of a message to a fixed-size hash value in a way
that distributes the possible messages evenly among the possible hash
values. A cryptographic hash function does this in a way that makes it
extremely difficult to come up with a message that would hash to a particular
hash value. The MAC algorithms supported for SR4134 are as follows:
Table 7
SSH MAC algorithms
Name
hmac-sha1
hmac-sha1-96
hmac-md5
hmac-md5-96

SSH compression

SSH uses GNU ZLIB (LZ77) for compression. The ZLIB compression
is described in RFC 1950 and in RFC 1951. By default, compression is
enabled.
Copyright © 2007, Nortel Networks
.
Description
3 key DES in CBC mode
Blowfish in CBC mode
AES, CBC mode, 128-bit key
AES, CBC mode, 192-bit key
AES, CBC mode, 256-bit key
Description
HMAC-SHA1 (digest length = key length = 20)
first 96 bits of HMAC-SHA1 (digest length = 12, key length =
20)
HMAC-MD5 (digest length = key length = 16)
first 96 bits of HMAC-MD5 (digest length = 12, key length =
16)
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007