[rancid] Request to remove hardcoded SSH 3des cipher

heasley heas at shrubbery.net
Wed Aug 17 14:11:59 UTC 2016


Wed, Aug 17, 2016 at 08:20:59AM -0500, Mark Felder:
> On Tue, Aug 16, 2016, at 17:19, heasley wrote:
> > Please try ftp://ftp.shrubbery.net/pub/rancid/alpha/rancid-3.4.99.tar.gz
> > which will be 3.5 and should address this.
> 
> Thank you! I will do some testing.

thanks!

> A bit of feedback at first glance: In the FAQ you mention changing the
> ssh config:
> 
> > Cipher 3des
> > Ciphers 3des-cbc
> 
> This should be 
> 
> > Cipher +3des
> > Ciphers +3des-cbc
> 
> You want the + so it's adding to those already enabled, not making it
> the only one available and downgrading the security of all connections.
> This way if a firmware upgrade for the device adds new SSH capabilities
> the new connections will auto-negotiate better security.

thanks!
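
An added example, not part of the original message or of RANCID: a small audit of an ssh_config file for the distinction made above, flagging a `Ciphers` line that names 3des-cbc without the `+` prefix (so it replaces the default list) and a `+3des-cbc` that applies to every host instead of one device. It covers the `Ciphers` keyword only; the function name, issue labels and sample host names are assumptions made for illustration.

```python
import re

LEGACY = {"3des-cbc"}  # the cipher discussed in this thread

def audit_ciphers(config_text):
    """Return (line_no, host_scope, issue) for each risky Ciphers line."""
    findings = []
    scope = "*"  # directives before the first Host line apply to all hosts
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "keyword value" and "keyword=value"
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword in ("host", "match"):
            scope = value
            continue
        if keyword != "ciphers":
            continue
        # Only the "+" (append) prefix is examined; other prefixes are ignored.
        appended = value.startswith("+")
        names = set(value.lstrip("+").split(","))
        if not names & LEGACY:
            continue
        if not appended:
            # The listed ciphers become the only ones offered in this scope.
            findings.append((line_no, scope, "replaces-defaults"))
        elif scope == "*":
            # Defaults are kept, but the legacy cipher is offered to every host.
            findings.append((line_no, scope, "appended-for-all-hosts"))
    return findings

# Constructed sample configuration (host names are placeholders).
SAMPLE = """\
# constructed sample
Host oldswitch.example.net
    Ciphers +3des-cbc
Host legacy-router.example.net
    Ciphers 3des-cbc
Host *
    Ciphers +3des-cbc
"""

if __name__ == "__main__":
    for finding in audit_ciphers(SAMPLE):
        print(finding)
```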


