[PVE-User] Unusual .ssh/config for root

Lex Rivera me at lex.io
Wed Oct 22 15:47:58 CEST 2014

This is probably due to blowfish being faster than AES.
Proxmox uses ssh for migrations and other tasks, and since they (mostly)
performs in private networks, there is no need for strong encryption.

On Wed, Oct 22, 2014, at 06:42 AM, Simone Piccardi wrote:
> Hi,
> I got some problems with the Ciphers config that I found in the 
> .ssh/config installed in the root home (ie /root/.ssh/config).
> I seems a Proxmox installed this file because I cannot find this file in 
> a standard Wheezy installation.
> The problem is when connecting with some firewall distribution (I got it 
> for IpFire, but I suspect it possible with other ones restricting the 
> usable Ciphers).
> The problem it that a normal ssh command simply give a "Connection 
> closed by XX.XX.XX.XX" when trying a connection. The same command  works 
> fine if you add -c aes128-ctr to command line.
> Looking at that config file I found blowfish-cbc as the first on the 
> list. If you remove it or put at the end of the list everithing work 
> again.  I don't understand why blowfish-cbc has to be the first choice. 
> I solved the problem in my server by using the following content of that 
> file:
> Ciphers 
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-cbc,3des-cbc
> but I'd like to know is this is something that can break other services 
> (like cluster one, that I'm not using in this case).
> Regards
> Simone
> -- 
> Simone Piccardi                                 Truelite Srl
> piccardi at truelite.it (email/jabber)             Via Monferrato, 6
> Tel. +39-347-1032433                            50142 Firenze
> http://www.truelite.it  Tel. +39-055-7879597    Fax. +39-055-7333336
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list