The "-c cipher_sec" section says that 3des is still the default cipher. Also newer ciphers like aes and arcfour are not listed.
Quoting it in full: " -c cipher_spec Selects the cipher specification for encrypting the session. Protocol version 1 allows specification of a single cipher. The supported values are ``3des'', ``blowfish'', and ``des''. 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is believed to be secure. blowfish is a fast block cipher; it appears very secure and is much faster than 3des. des is only supported in the ssh client for interoperability with legacy protocol 1 implementations that do not support the 3des cipher. Its use is strongly discouraged due to cryptographic weaknesses. The default is ``3des''. For protocol version 2, cipher_spec is a comma-separated list of ciphers listed in order of preference. See the Ciphers keyword for more information." There's 2 paragraphs: the first describes version 1 of the protocol for which the default *is* 3des. The default cipher list for protocol 2 list listed in ssh_config(5): "Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The sup- ported ciphers are "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour", "blowfish-cbc", and "cast128-cbc". The default is: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour" The reference in ssh(1) should be a reference to ssh_config(5) though.
Darren has updated ssh(1): revision 1.307 date: 2010/07/23 08:49:25; author: dtucker; state: Exp; lines: +5 -3 Ciphers is documented in ssh_config(5) these days This was released in OpenSSH 5.6
With the release of OpenSSH 5.6p1 this bug is now considered closed. If you have further problems please reopen or file a new bug as appropriate.