Re: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?

[Sebastien.Boulianne]

Thanks sir.

-Message d'origine-
De : heasley [mailto:h...@shrubbery.net] 
Envoyé : 10 mars 2018 10:24
À : Piegorsch, Weylin William 
Cc : Sebastien Boulianne ; 
rancid-discuss@shrubbery.net
Objet : Re: [rancid] Which cypertype should use to connect to Cisco and 
Fortinet devices ?

Sat, Mar 10, 2018 at 04:52:37AM +, Piegorsch, Weylin William:
> Have you tried specifying all the cyphertypes your system support?  I 
> manually ran the command ssh -vvv  and read the (incredibly 
> plentiful) output to find what my system was offering; then, I just specified 
> all of them in .cloginrc.  The target system will only accept those cypher it 
> supports, so there's no harm to the SSH protocol to offer as many as you want.

see ssh -Q

Also, these can be placed these in ~/.ssh/config or /etc/ssh/ssh_config so that 
they work outside of rancid too.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?

[heasley]

Sat, Mar 10, 2018 at 04:52:37AM +, Piegorsch, Weylin William:
> Have you tried specifying all the cyphertypes your system support?  I 
> manually ran the command ssh -vvv  and read the (incredibly 
> plentiful) output to find what my system was offering; then, I just specified 
> all of them in .cloginrc.  The target system will only accept those cypher it 
> supports, so there's no harm to the SSH protocol to offer as many as you want.

see ssh -Q

Also, these can be placed these in ~/.ssh/config or /etc/ssh/ssh_config so
that they work outside of rancid too.

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: [rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?

[Piegorsch, Weylin William]

Have you tried specifying all the cyphertypes your system support?  I manually 
ran the command ssh -vvv  and read the (incredibly plentiful) output to 
find what my system was offering; then, I just specified all of them in 
.cloginrc.  The target system will only accept those cypher it supports, so 
there's no harm to the SSH protocol to offer as many as you want.

If you're interested in being security conscious, that's a much more involved 
discussion. I've not researched that - while I'm aware of the discussion around 
the topic, I'm nonetheless much more concerned (in my current job, anyway) with 
inter-operability than encryption strength.

weylin

On 3/7/18, 5:01 PM, "sebastien.boulia...@cpu.ca"  
wrote:

Hi guys,

I am curious to know which cypertype do you use to connect to Cisco and 
Fortinet devices ?
I use aes256-ctr aes256-cbc but I would like to know which others cypertype 
work.

Thanks for your answer.

Sebastien




___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

[rancid] Which cypertype should use to connect to Cisco and Fortinet devices ?

[Sebastien.Boulianne]

Hi guys,

I am curious to know which cypertype do you use to connect to Cisco and 
Fortinet devices ?
I use aes256-ctr aes256-cbc but I would like to know which others cypertype 
work.

Thanks for your answer.

Sebastien

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss