Dropped outdated arcfour cipher #12
Identified the issue with outdated
@@ -86,7 +86,7 @@ def send(self, raises=True): | |||
'--inplace ' | |||
'--delete-excluded ' | |||
'--delete ' | |||
'-e \"ssh -T -c arcfour -o Compression=no -x\" ' |
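Review bot: The `-c arcfour` inside the `-e "ssh ..."` string in `send()` pins a single cipher with no fallback, so every rsync run fails at connection setup when the ssh client or server does not offer it. `ssh -c` accepts a comma-separated list in preference order; pass a list, or lift the value out of the string literal into a named default so it can be changed without editing `send()`.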
as I remember, this cipher was passed to have the least possible network overhead, so what is the next cipher we can pass from the supported ones?
OK, that makes sense. Let me look around to see which cipher should replace `arcfour`.
Based on this old post: https://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/ indeed the best was `arcfour`. But later, the author updated his benchmark https://blog.famzah.net/2015/06/26/openssh-ciphers-performance-benchmark-update-2015/ and found that the fastest is [email protected].
According to the analysis, everything depends on the type of platform. The AES instruction set, introduced by Intel in 2010 and AMD in mid-2013, significantly improves the speed of operations.
Do you think we should force ssh to use this cipher? Would it make sense to leave the decision about the cipher up to ssh?
let's use [email protected] then
the point of pytest-cloud is that it's an opinionated approach, so the less there is to configure for the user, the better
Replaced with [email protected]. Thanks
can't this option be just configuration with a sane default?
makes sense
OK, I'll try making it a config option.
@bubenkoff @spinus is it looking better now?
please add the docs about the new option, also please add a changelog entry
OpenSSL 7.6 removed support for arcfour. rsync which uses ssh is trying to establish connection with use of arcfour. For newer installations it is ending with an error to establish connection. Removed hardcoded arcfour cipher from code.
OpenSSH 7.6 is dropping support for arcfour. Many versions have already disabled this cipher as unsafe. Replaced arcfour with [email protected] to allow it to work.
Default option chosen for ssh cipher is aes128. However, user can overwrite this by providing --cloud-rsync-cipher argument
@@ -85,6 +85,8 @@ Command-line options | |||
Optional process count limit for `rsync` processes. By default there's no limit so rsyncing will be in parallel | |||
for all test nodes. | |||
|
|||
* `--cloud-rsync-cipher` | |||
Optional ssh cipher selection for `rsync` processes. [email protected] by default. |
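Review bot: The `--cloud-rsync-cipher` entry gives the default but not which values are valid or when to change it. State that the value is the ssh cipher used for the `rsync` transport, that it must be one both the local ssh client and the test nodes support (`ssh -Q cipher` lists the client's), and give the reason a user would pick a different one.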
please add a reason for choosing the non-default cipher
Added more verbose description.
@dasm what is your pypi username, I will add you as a maintainer so that you can make releases yourself
@dasm sorry, one more thing, please also add yourself to contributors
@bubenkoff my pypi is the same (just created :P). Added myself to AUTHORS too.
@dasm please don't forget to make and push git tags when making the releases
and of course, the version has to be changed
OK. Will change version and push tags. Thanks @bubenkoff
@bubenkoff I tried to publish new tag on repository, but it's giving me: Am I missing something?
what's the git command you're running?
from the project folder
I successfully uploaded new version to pypi with CLI. I also pushed new tag. Forgot to create tag with Thank you @bubenkoff
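The "configurable cipher with a sane default" idea from the review thread above, as an added example (not pytest-cloud's code): the function names, the preference list and the sample `ssh -Q cipher` output are assumptions made for illustration. It validates a user-supplied cipher before it reaches the shell string, falls back to what the local client supports, and omits `-c` when nothing preferred is available so ssh negotiates on its own.

```python
import re
import shlex

# Constructed sample of `ssh -Q cipher` output from a client without arcfour.
SAMPLE_SSH_Q_CIPHER = """\
3des-cbc
aes128-cbc
aes128-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
"""

# Assumed preference order for this example, not the project's default.
PREFERRED = ("aes128-gcm@openssh.com", "aes128-ctr", "chacha20-poly1305@openssh.com")

# Allow-list of characters for a cipher name; anything else is rejected.
_CIPHER_RE = re.compile(r"[a-z0-9][a-z0-9.@-]*\Z")


def supported_ciphers(ssh_q_output):
    """Parse `ssh -Q cipher` output into a set of cipher names."""
    return {line.strip() for line in ssh_q_output.splitlines() if line.strip()}


def pick_ciphers(requested, supported, preferred=PREFERRED):
    """Return the cipher list for `ssh -c`, or [] to let ssh negotiate."""
    if requested:
        names = requested.split(",")
        for name in names:
            if not _CIPHER_RE.match(name):
                raise ValueError("invalid cipher name: %r" % name)
            if name not in supported:
                raise ValueError("cipher not supported by local ssh: %s" % name)
        return names
    return [c for c in preferred if c in supported]


def rsync_ssh_option(requested, ssh_q_output):
    """Build the rsync `-e` argument, shell-quoted as a single word."""
    ciphers = pick_ciphers(requested, supported_ciphers(ssh_q_output))
    ssh = ["ssh", "-T"]
    if ciphers:
        ssh += ["-c", ",".join(ciphers)]
    ssh += ["-o", "Compression=no", "-x"]
    return "-e " + shlex.quote(" ".join(ssh))
```

In real use the second argument would be the captured output of `ssh -Q cipher` on the machine running rsync; the remote side still has to accept one of the listed ciphers.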