[pve-devel] [PATCH 2/2] PVE::API2::Qemu: use build_ssh_opt instead of static blowfish encryption

Stefan Priebe s.priebe at profihost.ag
Tue Oct 30 15:44:30 CET 2012


From: Stefan Priebe <git at profihost.ag>


Signed-off-by: root <root at neuerserver.de-nserver.de.de-nserver.de>
---
 PVE/API2/Qemu.pm |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index ce1f6c5..f337afe 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1074,9 +1074,11 @@ __PACKAGE__->register_method({
 	}
 
 	# NOTE: kvm VNC traffic is already TLS encrypted,
-	# so we select the fastest chipher here (or 'none'?)
-	my $remcmd = $remip ? ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
-			       '-c', 'blowfish-cbc', $remip] : [];
+        my $datacenterconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+        my $ssh_opts = {};
+        $ssh_opts->{cipher} = $datacenterconf->{cipher} if ( $datacenterconf->{cipher} );
+
+	my $remcmd = $remip ? ['/usr/bin/ssh', '-T', PVE::Tools::build_ssh_opt( $ssh_opts ), $remip] : [];
 
 	my $timeout = 10;
 
-- 
1.7.2.5




More information about the pve-devel mailing list