[rancid] Request to remove hardcoded SSH 3des cipher
Mark Felder
feld at FreeBSD.org
Wed Aug 17 13:20:59 UTC 2016
On Tue, Aug 16, 2016, at 17:19, heasley wrote:
>
> Please try ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.4.99.tar.gz
> which will be 3.5 and should address this.
Thank you! I will do some testing.
A bit of feedback at first glance: In the FAQ you mention changing the
ssh config:
> Cipher 3des
> Ciphers 3des-cbc
This should be
> Cipher +3des
> Ciphers +3des-cbc
You want the + so it's adding to those already enabled, not making it
the only one available and downgrading the security of all connections.
This way if a firmware upgrade for the device adds new SSH capabilities
the new connections will auto-negotiate better security.
--
Mark Felder
ports-secteam member
feld at FreeBSD.org
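
Added example, not part of the original message or of RANCID: a small Python model of how the replace form and the `+` form of the `Ciphers` directive change what the client negotiates, before and after a device firmware upgrade. The default cipher list and the device offers below are constructed for illustration (the real default list depends on the OpenSSH version), and the function names are hypothetical.

```python
# Constructed stand-in for the client's built-in cipher list; the real
# default list depends on the OpenSSH version in use.
DEFAULT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-ctr"]

def effective_ciphers(directive, defaults=DEFAULT_CIPHERS):
    """Client cipher list, in preference order, for one `Ciphers` value."""
    names = [n for n in directive.lstrip("+").split(",") if n]
    if directive.startswith("+"):
        # '+' appends to the default set instead of replacing it.
        return list(defaults) + [n for n in names if n not in defaults]
    # Without '+', the listed ciphers become the only ones the client offers.
    return names

def negotiate(client, server):
    """RFC 4253 section 7.1: first client-listed cipher the server also offers."""
    for name in client:
        if name in server:
            return name
    return None  # no common cipher, the connection fails

# Constructed server offers (assumptions, not taken from any real device).
OLD_FIRMWARE = ["3des-cbc"]                  # legacy device
NEW_FIRMWARE = ["aes256-ctr", "3des-cbc"]    # same device after an upgrade
MODERN_HOST = ["chacha20-poly1305@openssh.com", "aes256-ctr"]  # no 3DES at all

def compare():
    """Map each directive form to the cipher negotiated with each server."""
    rows = {}
    for directive in ("3des-cbc", "+3des-cbc"):
        client = effective_ciphers(directive)
        rows[directive] = tuple(
            negotiate(client, server)
            for server in (OLD_FIRMWARE, NEW_FIRMWARE, MODERN_HOST)
        )
    return rows

if __name__ == "__main__":
    print("directive    old firmware / new firmware / modern host")
    for directive, result in compare().items():
        print(f"Ciphers {directive:<10} {result}")
```
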