[rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?
Piegorsch, Weylin William
weylin at bu.edu
Sat Mar 10 04:52:37 UTC 2018
Have you tried specifying all the cyphertypes your system support? I manually ran the command ssh -vvv <device> and read the (incredibly plentiful) output to find what my system was offering; then, I just specified all of them in .cloginrc. The target system will only accept those cypher it supports, so there's no harm to the SSH protocol to offer as many as you want.
If you're interested in being security conscious, that's a much more involved discussion. I've not researched that - while I'm aware of the discussion around the topic, I'm nonetheless much more concerned (in my current job, anyway) with inter-operability than encryption strength.
weylin
On 3/7/18, 5:01 PM, "Sebastien.Boulianne at cpu.ca" <Sebastien.Boulianne at cpu.ca> wrote:
Hi guys,
I am curious to know which cypertype do you use to connect to Cisco and Fortinet devices ?
I use aes256-ctr aes256-cbc but I would like to know which others cypertype work.
Thanks for your answer.
Sebastien
More information about the Rancid-discuss
mailing list