[PVE-User] Unusual .ssh/config for root
Simone Piccardi
piccardi at truelite.it
Wed Oct 22 15:42:24 CEST 2014
Hi,
I got some problems with the Ciphers config that I found in the
.ssh/config installed in the root home (ie /root/.ssh/config).
I seems a Proxmox installed this file because I cannot find this file in
a standard Wheezy installation.
The problem is when connecting with some firewall distribution (I got it
for IpFire, but I suspect it possible with other ones restricting the
usable Ciphers).
The problem it that a normal ssh command simply give a "Connection
closed by XX.XX.XX.XX" when trying a connection. The same command works
fine if you add -c aes128-ctr to command line.
Looking at that config file I found blowfish-cbc as the first on the
list. If you remove it or put at the end of the list everithing work
again. I don't understand why blowfish-cbc has to be the first choice.
I solved the problem in my server by using the following content of that
file:
Ciphers
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-cbc,3des-cbc
but I'd like to know is this is something that can break other services
(like cluster one, that I'm not using in this case).
Regards
Simone
--
Simone Piccardi Truelite Srl
piccardi at truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336
More information about the pve-user
mailing list