[rancid] Which cyphertype should I use to connect to Cisco and Fortinet devices?

Piegorsch, Weylin William weylin at bu.edu
Sat Mar 10 04:52:37 UTC 2018


Have you tried specifying all the cyphertypes your system supports?  I manually ran the command ssh -vvv <device> and read the (incredibly plentiful) output to find what my system was offering; then, I just specified all of them in .cloginrc.  The target system will only accept those cyphers it supports, so there's no harm to the SSH protocol to offer as many as you want.

If you're interested in being security conscious, that's a much more involved discussion. I've not researched that - while I'm aware of the discussion around the topic, I'm nonetheless much more concerned (in my current job, anyway) with inter-operability than encryption strength.

weylin

On 3/7/18, 5:01 PM, "Sebastien.Boulianne at cpu.ca" <Sebastien.Boulianne at cpu.ca> wrote:

    Hi guys,
    
    I am curious to know which cyphertype you use to connect to Cisco and Fortinet devices?
    I use aes256-ctr aes256-cbc but I would like to know which other cyphertypes work.
    
    Thanks for your answer.
    
    Sebastien
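
The procedure described in the reply above (read the cipher lists out of `ssh -vvv <device>` and carry them into .cloginrc), as an added example that is not part of either post or of RANCID itself. It assumes OpenSSH 7.x-style `debug2:` proposal lines and a comma-separated `{...}` list in .cloginrc; the sample output and the host name `router1.example.net` are constructed.

```python
import re

# Constructed sample of `ssh -vvv <device>` debug output (OpenSSH 7.x+ style).
SAMPLE_DEBUG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes256-cbc
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: ciphers ctos: aes256-ctr,aes256-cbc,3des-cbc
debug2: ciphers stoc: aes256-ctr,aes256-cbc,3des-cbc
"""

def parse_proposals(debug_text):
    """Return {'client': [...], 'server': [...]} client-to-server cipher lists."""
    proposals, side = {}, None
    for line in debug_text.splitlines():
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        else:
            m = re.search(r"ciphers ctos: (\S+)", line)
            if m and side:
                proposals.setdefault(side, m.group(1).split(","))
    return proposals

def common_ciphers(proposals):
    """Ciphers both ends offer, in client preference order; SSH picks the first."""
    server = set(proposals.get("server", []))
    return [c for c in proposals.get("client", []) if c in server]

def cloginrc_line(host, ciphers):
    """Format a .cloginrc entry (comma-separated list syntax is an assumption)."""
    if not ciphers:
        # No peer proposal seen, or nothing overlaps: the login would fail.
        raise ValueError("no cipher in common with " + host)
    return "add cyphertype %s {%s}" % (host, ",".join(ciphers))

if __name__ == "__main__":
    shared = common_ciphers(parse_proposals(SAMPLE_DEBUG))
    print("would negotiate:", shared[0])
    print(cloginrc_line("router1.example.net", shared))
```

Listing only the overlap, rather than everything the client supports, makes the per-device entry show which cipher will actually be negotiated.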
    
    
    


