Differences
This shows you the differences between the selected revisions of the page.
| 2008-11-13 | 2008-11-13 | ||
| no summary (90.19.141.67) (hidden) | Restored revision 1216164453. Undoing revisions 1226601758, 1226601779. (martin) (hidden) | ||
| Line 38: | Line 38: | ||
| [[administration|System administrator can restrict]] connection to server without having their host keys accepted in advance. | [[administration|System administrator can restrict]] connection to server without having their host keys accepted in advance. | ||
| - | == | + | ===== Encryption in SSH ===== |
| - | in | + | SSH clients and servers can use a number of encryption methods. In the older SSH-1 protocol, 3DES and DES are typically used. |
| + | SSH-2 adds support for additional encryption methods including AES and | ||
| + | Blowfish. By default, AES is used if supported by the server. While AES is | ||
| + | considered to be highly secure, AES encryption requires substantial processor overhead. Blowfish is also considered | ||
| + | secure, but with less computational overhead, it's also theoretically | ||
| + | easier to perform a brute-force attack. Depending on your security and | ||
| + | performance requirements, you may wish to configure WinSCP to prefer | ||
| + | the Blowfish algorithm. 3DES and DES are used with SSH-1 servers. DES | ||
| + | is widely regarded as insecure, as the resources to perform an | ||
| + | exhaustive brute-force attack have been well within the realm of | ||
| + | commercial feasibility for some time. | ||
| ===== SSH Protocols ===== | ===== SSH Protocols ===== | ||
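Review bot: The added "Encryption in SSH" paragraph says twice that 3DES and DES are used with SSH-1 (in its first sentence and again as "3DES and DES are used with SSH-1 servers"), and it calls DES "widely regarded as insecure" without telling the reader what to do about it. Drop the repeated sentence and follow the DES statement with an explicit recommendation, for example to avoid DES and to use SSH-2 where the server supports it. The Blowfish sentence also needs rewording: "with less computational overhead, it's also theoretically easier to perform a brute-force attack" reads as if the lower overhead belongs to the attacker, and the text then suggests preferring Blowfish without stating what security is given up in exchange for the speed.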
| Line 53: | Line 63: | ||
| [[ui_login_ssh|SSH preferences]]. | [[ui_login_ssh|SSH preferences]]. | ||
| + | ===== Compression ===== | ||
| + | SSH supports data stream compression between the client | ||
| + | and the server. On slow links, this may increase throughput, while in faster connections the added CPU overhead may actually result in | ||
| + | slower transfers, particularly depending on the data type you're transferring. Large text files may still benefit significantly, while | ||
| + | binaries may transfer more slowly. You may want to | ||
| + | experiment to find what works best in your situation. Compression may | ||
| + | also improve security slightly, in part by rendering known cyphertext | ||
| + | attacks more difficult and by providing less data for | ||
| + | cryptanalysis. | ||
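Review bot: The closing sentence of the Compression section presents compression as a security improvement ("rendering known cyphertext attacks more difficult") without a source, and "known cyphertext" is not a standard attack name; the intended term is probably known-plaintext, and the usual spelling is "ciphertext". Either cite a source for the claim or remove the sentence, so that the section describes compression as a throughput setting and leaves confidentiality to the cipher choice covered under "Encryption in SSH".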