This is probably due to blowfish being faster than AES. Proxmox uses ssh for migrations and other tasks, and since they (mostly) performs in private networks, there is no need for strong encryption.
On Wed, Oct 22, 2014, at 06:42 AM, Simone Piccardi wrote: > Hi, > > I got some problems with the Ciphers config that I found in the > .ssh/config installed in the root home (ie /root/.ssh/config). > > I seems a Proxmox installed this file because I cannot find this file in > a standard Wheezy installation. > > The problem is when connecting with some firewall distribution (I got it > for IpFire, but I suspect it possible with other ones restricting the > usable Ciphers). > > The problem it that a normal ssh command simply give a "Connection > closed by XX.XX.XX.XX" when trying a connection. The same command works > fine if you add -c aes128-ctr to command line. > > > Looking at that config file I found blowfish-cbc as the first on the > list. If you remove it or put at the end of the list everithing work > again. I don't understand why blowfish-cbc has to be the first choice. > I solved the problem in my server by using the following content of that > file: > > Ciphers > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,blowfish-cbc,3des-cbc > > but I'd like to know is this is something that can break other services > (like cluster one, that I'm not using in this case). > > Regards > Simone > -- > Simone Piccardi Truelite Srl > [email protected] (email/jabber) Via Monferrato, 6 > Tel. +39-347-1032433 50142 Firenze > http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336 > _______________________________________________ > pve-user mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
