PDA

View Full Version : How do I check ssh encryption config?


Brent Lahaise
09-27-2008, 05:58 AM
A vendor/consultant has pre-configured Dbvisit Standby and created various scripts for set up and data transfer. however before data transfer begins, Management wants to verify how strong the encryption is. SSH allows several different symmetric algorithms (e.g. AES, Blowfish, TDES) and several different key lengths for session/data encryption. How can I verify the configuration of ssh encryption used by Dbvisit Standby?

Arjen Visser
09-27-2008, 08:58 PM
For a Unix/Linux environment, Dbvisit Standby uses the SSH implementation that is
configured on the server. So the protocol is dependent
upon what is configured on your server. In most cases this will be the SSH2
protocol and using either the RSA or the DSA/DSS
algorithm.
Dbvisit Standby will work with any SSH implementation on your server.
To check the SSH implementation you can use the following command:
scp -vv file_to_copy oracle@standby_server:/usr/tmp
Where file_to_copy is a local file and oracle@standby_server is the standby server name with login oracle.

For a Windows environment, Dbvisit Standby uses WinSSHD for the SSH implementation.
WinSSHD uses SSH2 protocol with the following
algorithms:
Algorithm: ssh-dss, Size: 1024 bits,
Bubble-Babble:
xotog-pycan-libum-kysud-kucup-cerom-dimuf-nokum-gyfok-bodec-maxox.
Key exchange: diffie-hellman-group14-sha1. Session encryption: aes256-cbc,
MAC:hmac-sha1