[pve-devel] [PATCH 3/3] PVE::API2::Nodes: use build_ssh_opt instead of static blowfish encryption
Stefan Priebe
s.priebe at profihost.ag
Tue Oct 30 15:44:33 CET 2012
From: Stefan Priebe <git at profihost.ag>
Signed-off-by: root <root at neuerserver.de-nserver.de.de-nserver.de>
---
PVE/API2/Nodes.pm | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index c2d9166..b1d505e 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -497,10 +497,13 @@ __PACKAGE__->register_method ({
$remip = PVE::Cluster::remote_node_ip($node);
}
- # NOTE: vncterm VNC traffic is already TLS encrypted,
- # so we select the fastest chipher here (or 'none'?)
- my $remcmd = $remip ?
- ['/usr/bin/ssh', '-c', 'blowfish-cbc', '-t', $remip] : [];
+ # NOTE: vncterm VNC traffic is already TLS encrypted
+ my $datacenterconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $ssh_opts = {};
+ $ssh_opts->{cipher} = $datacenterconf->{cipher} if ( $datacenterconf->{cipher} );
+
+ my $remcmd = $remip ?
+ ['/usr/bin/ssh', PVE::Tools::build_ssh_opt( $ssh_opts ), '-t', $remip] : [];
my $shcmd = $user eq 'root at pam' ? [ "/bin/bash", "-l" ] : [ "/bin/login" ];
--
1.7.2.5
More information about the pve-devel
mailing list