Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
A combined cipher/MAC scheme using AES in a Galois Counter Mode (GCM) is defined for SSH by RFC 5647.
OpenSSH defines and implements its own versions, aes256-gcm@openssh.com and aes128-gcm@openssh.com (described in their protocol extension documentation), which use the same cryptography but avoid the badly-specified negotiation semantics in the RFC.
As of August 2022, PuTTY implements this - only the OpenSSH variants, so PuTTY won't use this cipher/MAC with SSH servers that only offer the unsuffixed aes256-gcm and aes128-gcm protocol IDs (if any such servers exist). (PuTTY's implementation makes basic use of processor cryptographic acceleration where available, although it could probably be improved upon.)