Mike Tancsa <m...@sentex.net> writes:
> The pcaps and basic wireshark output at
>
> http://tancsa.com/openssh/
This is 6.1 with aesni vs 6.1 without aesni; what I wanted was 6.1 vs
5.8, both with aesni loaded.
Could you also ktrace the server in both cases?
An easy workaround is to change the list of ciphers the server will
offer to clients by adding a "Ciphers" line in /etc/ssh/sshd_config.
The default is:
Ciphers
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
Either remove the AES entries or move them further down the list. The
client will normally pick the first supported cipher. As far as I can
tell, SecureCRT supports all the same ciphers that OpenSSH does, so just
moving arcfour{256,128} to the front of the list should work.
(AFAIK, arcfour is also much faster than aes)
DES
--
Dag-Erling Smørgrav - d...@des.no
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
