On 10/10/2013 02:03 AM, Mihály Árva-Tóth wrote:
Hello,
Is there any acceptable reason to use 'blowfish' cipher in vzmigrate?
We are deny any incoming connection which doesn't use one of the
following cipher:
aes256-ctr,aes192-ctr,aes128-ctr
This is a security rule our company. When we upgrade vzctrl package, I
have to remove the cipher option from SSH_OPTIONS because overwritten
when upgrade done.
from: SSH_OPTIONS="-c blowfish -o BatchMode=yes"
to: SSH_OPTIONS="-o BatchMode=yes"
Can you ship official vzmigrate without cipher definition?
Simpler cipher usually improves transfer speed.
Have you tried to use vzmigrate with say "--ssh=-c aes256-ctr" option?
_______________________________________________
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users
