[rancid] Request to remove hardcoded SSH 3des cipher
heasley
heas at shrubbery.net
Wed Aug 17 14:11:59 UTC 2016
Wed, Aug 17, 2016 at 08:20:59AM -0500, Mark Felder:
> On Tue, Aug 16, 2016, at 17:19, heasley wrote:
> > Please try ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.4.99.tar.gz
> > which will be 3.5 and should address this.
>
> Thank you! I will do some testing.
thanks!
> A bit of feedback at first glance: In the FAQ you mention changing the
> ssh config:
>
> > Cipher 3des
> > Ciphers 3des-cbc
>
> This should be
>
> > Cipher +3des
> > Ciphers +3des-cbc
>
> You want the + so it's adding to those already enabled, not making it
> the only one available and downgrading the security of all connections.
> This way if a firmware upgrade for the device adds new SSH capabilities
> the new connections will auto-negotiate better security.
thanks!
More information about the Rancid-discuss
mailing list