Encryption Tab (Secure Shell Settings)

Use the Encryption tab of the Reflection Secure Shell Settings dialog box to specify what ciphers the Secure Shell connection should use. Different options are available depending on which Secure Shell protocol is used for the connection.

The options are:

SSH protocol 2

Cipher List

Use this list to specify the ciphers you want to allow for protocol 2 connections to the current host. When more than one cipher is selected, the Secure Shell client attempts to use ciphers in the order you specify, starting from the top. To change the order, select a cipher from the list, then click the up or down arrow. The cipher used for a given session is the first item in this list that is also supported by the server.

HMAC List

Specifies the HMAC (hashed message authentication code) methods you want to allow. This hash is used to verify the integrity of all data packets exchanged with the server. When more than one HMAC is selected, the Secure Shell client attempts to negotiate an HMAC with the server in the order you specify, starting from the top. To change the order, select an HMAC from the list, then click the up or down arrow.

Key Exchange Algorithms

Specifies which key exchange algorithms the client supports, and the order of preference.

In some cases, you may need to change the order of the key exchange algorithms to put DH Group14 SHA1 ahead of the other values. This is required if you want to use the hmac-sha512 MAC, or if you see the following error during key exchange: "fatal: dh_gen_key: group too small: 1024 (2*need 1024)".

Two additional key exchange algorithms (gss-group1-sha1-*) are supported, but do not appear in the list of available key exchange algorithms. These two algorithms are automatically proposed by the client when you enable GSSAPI/Kerberos from the General tab (under User Authentication), and you also select Reflection Kerberos from the GSSAPI tab.
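The selection rule described above for the Cipher List, HMAC List, and Key Exchange Algorithms (the first entry in the client's ordered list that the server also supports) can be modeled as follows. This is an added example, not Reflection code; the function names are hypothetical, and the algorithm lists are constructed sample values written with standard SSH algorithm names, not Reflection defaults.

```python
# Added example: SSH protocol 2 algorithm selection by client preference order.
# All lists below are constructed sample values, not Reflection defaults.

class NoCommonAlgorithm(Exception):
    """Raised when client and server share no algorithm in a category."""


def pick(client_prefs, server_supported):
    """Return the first client entry the server also supports, else None."""
    server = set(server_supported)       # server order is irrelevant here
    for name in client_prefs:            # client order decides, top first
        if name in server:
            return name
    return None


def negotiate(client, server):
    """Negotiate every category; both arguments map category -> ordered list."""
    result = {}
    for category, prefs in client.items():
        chosen = pick(prefs, server.get(category, []))
        if chosen is None:
            raise NoCommonAlgorithm(category)
        result[category] = chosen
    return result


def move_to_top(prefs, name):
    """Same effect as clicking the up arrow until `name` is first in the list."""
    return [name] + [p for p in prefs if p != name]


# Constructed client settings (ordered, top = most preferred).
CLIENT = {
    "cipher": ["aes256-ctr", "aes128-ctr", "3des-cbc"],
    "hmac": ["hmac-sha2-512", "hmac-sha1"],
    "kex": ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"],
}
# Constructed server capabilities.
SERVER = {
    "cipher": ["3des-cbc", "aes128-ctr"],
    "hmac": ["hmac-sha1", "hmac-sha2-512"],
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1"],
}

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER))
    kex_first = move_to_top(CLIENT["kex"], "diffie-hellman-group14-sha1")
    print(negotiate(dict(CLIENT, kex=kex_first), SERVER))
```

With these sample lists the first call selects the group-exchange method because it is at the top of the client list; after the reorder, the same server yields diffie-hellman-group14-sha1.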

Signature types

Specifies the hash algorithm the client uses in the process of proving possession of the private key. This hash is used during public key user authentication. Use RSA to specify the hash used with RSA keys and DSA to specify the hash used with DSA keys.

SSH protocol 1 Cipher

Use this setting to select the cipher you want used for protocol 1 connections to the current host. The default is Triple DES and this option is recommended.

Run in FIPS Mode

When Run in FIPS mode is selected, Reflection enforces the United States government Federal Information Processing Standard (FIPS) 140-2 for this connection. Options on the Encryption tab that do not meet this standard are not available when Run in FIPS mode is selected.

NOTE:

  • The settings you configure in this dialog box are saved to the Secure Shell configuration file. You can also configure Secure Shell settings by editing this file manually in any text editor.

  • Within the configuration file, these settings are saved for the currently specified SSH configuration scheme.