[afnog] Fwd: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
Phil Regnauld
regnauld at nsrc.org
Thu Sep 1 08:11:40 UTC 2016
Andrew Alston (Andrew.Alston) writes:
> Just as a further note –
More side notes: if you're logging *into* an OpenSSH 7 (standard in
Ubuntu 16.04), *from* IOS 15.x (probably unusual, but some use their
routers as jumphosts), you'll need to add this on the OpenSSH side:
Ciphers=+aes256-cbc
... (or aes128-cbc or aes192-cbc).
This is due to the recent deprecation of CBCs as insecure.
More information about the afnog
mailing list