[Users] Default cipher in vzmigrate
Kir Kolyshkin
kir at openvz.org
Thu Oct 17 15:34:41 PDT 2013
On 10/10/2013 02:03 AM, Mihály Árva-Tóth wrote:
> Hello,
>
> Is there any acceptable reason to use 'blowfish' cipher in vzmigrate?
> We are deny any incoming connection which doesn't use one of the
> following cipher:
>
> aes256-ctr,aes192-ctr,aes128-ctr
>
> This is a security rule our company. When we upgrade vzctrl package, I
> have to remove the cipher option from SSH_OPTIONS because overwritten
> when upgrade done.
>
> from: SSH_OPTIONS="-c blowfish -o BatchMode=yes"
> to: SSH_OPTIONS="-o BatchMode=yes"
>
> Can you ship official vzmigrate without cipher definition?
Simpler cipher usually improves transfer speed.
Have you tried to use vzmigrate with say "--ssh=-c aes256-ctr" option?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20131017/3e0583a9/attachment.html>
More information about the Users
mailing list