[Users] Default cipher in vzmigrate

Mihály Árva-Tóth mihaly.arva-toth at virtual-call-center.eu
Thu Oct 10 02:03:29 PDT 2013


Hello,

Is there any acceptable reason to use 'blowfish' cipher in vzmigrate? We
are deny any incoming connection which doesn't use one of the following
cipher:

 aes256-ctr,aes192-ctr,aes128-ctr

This is a security rule our company. When we upgrade vzctrl package, I have
to remove the cipher option from SSH_OPTIONS because overwritten when
upgrade done.

from: SSH_OPTIONS="-c blowfish -o BatchMode=yes"
to: SSH_OPTIONS="-o BatchMode=yes"

Can you ship official vzmigrate without cipher definition?

Regards,
Mihaly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20131010/89ff9383/attachment.html>


More information about the Users mailing list