[pve-devel] [PATCH 2/3] PVE::API2::OpenVZ: use build_ssh_opt instead of static blowfish encryption
Stefan Priebe
s.priebe at profihost.ag
Tue Oct 30 15:44:29 CET 2012
From: Stefan Priebe <git at profihost.ag>
Signed-off-by: root <root at neuerserver.de-nserver.de.de-nserver.de>
---
PVE/API2/OpenVZ.pm | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/PVE/API2/OpenVZ.pm b/PVE/API2/OpenVZ.pm
index 846021a..47d7d70 100644
--- a/PVE/API2/OpenVZ.pm
+++ b/PVE/API2/OpenVZ.pm
@@ -859,10 +859,13 @@ __PACKAGE__->register_method ({
$remip = PVE::Cluster::remote_node_ip($node);
}
- # NOTE: vncterm VNC traffic is already TLS encrypted,
- # so we select the fastest chipher here (or 'none'?)
+ # NOTE: vncterm VNC traffic is already TLS encrypted
+ my $datacenterconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $ssh_opts = {};
+ $ssh_opts->{cipher} = $datacenterconf->{cipher} if ( $datacenterconf->{cipher} );
+
my $remcmd = $remip ?
- ['/usr/bin/ssh', '-c', 'blowfish-cbc', '-t', $remip] : [];
+ ['/usr/bin/ssh', PVE::Tools::build_ssh_opt( $ssh_opts ), '-t', $remip] : [];
my $shcmd = [ '/usr/bin/dtach', '-A',
"/var/run/dtach/vzctlconsole$vmid",
--
1.7.2.5
More information about the pve-devel
mailing list