From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 18 Sep 2018 14:49:49 +0000 (+0200)
Subject: testing: Use AES-GCM for SSH connections
X-Git-Tag: 5.7.2dr2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a29f70e4fb17a4504afa2926771aa01df064b323;p=thirdparty%2Fstrongswan.git

testing: Use AES-GCM for SSH connections

RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).

AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).
---

diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
index 46b1f02314..23fed4ed03 100644
--- a/testing/hosts/default/etc/ssh/sshd_config
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -1,5 +1,6 @@
 Port 22
 Protocol 2
+Ciphers aes128-gcm@openssh.com
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key