testing: Use AES-GCM for SSH connections
authorTobias Brunner <tobias@strongswan.org>
Tue, 18 Sep 2018 14:49:49 +0000 (16:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 30 Oct 2018 14:06:57 +0000 (15:06 +0100)
RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).

AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).

testing/hosts/default/etc/ssh/sshd_config

index 46b1f02..23fed4e 100644 (file)
@@ -1,5 +1,6 @@
 Port 22
 Protocol 2
 Port 22
 Protocol 2
+Ciphers aes128-gcm@openssh.com
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key