[afnog] Fwd: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

Phil Regnauld regnauld at nsrc.org
Thu Sep 1 08:11:40 UTC 2016


Andrew Alston (Andrew.Alston) writes:
> Just as a further note – 

	More side notes: if you're logging *into* an OpenSSH 7 (standard in
	Ubuntu 16.04), *from* IOS 15.x (probably unusual, but some use their
	routers as jumphosts), you'll need to add this on the OpenSSH side:

	Ciphers=+aes256-cbc

	... (or aes128-cbc or aes192-cbc).

	This is due to the recent deprecation of CBCs as insecure.







More information about the afnog mailing list