
Notes on SSH


  1. For security reasons, XCP 4030 and XCP 3120 can no longer use DSA host keys and DSA user public keys for SSH connections. Use RSA keys as the host keys. If you have registered a DSA user public key, reregister it as an RSA user public key.
  1. XCP 3100 includes an OpenSSL security fix (RTIF2-201109-029). This fix changes the "Fingerprint:" display of the showssh command. In XCP 3100 or later, "SHA256" and "no comment" are displayed. The file path name is not displayed.
    For details on the showssh(8) command, see the Fujitsu SPARC M12 and Fujitsu M10/SPARC M10 XSCF Reference Manual of the XCP version that you use.
    [Display example]
    - XCP 3100 or later

          RSA key:
          :
          Fingerprint:
          2048 SHA256:jKM3wOwUOnQUX6LRWS5+3ji7f2ji7cN5naaDhCUQufw no comment (RSA)
          DSA key:
          :
          Fingerprint:
          1024 SHA256:weptlraZ1EyZ4t4vbwX9zBR36REvQteyVq/Z/E3fR6M no comment (DSA)
    - XCP 3090 or earlier

          RSA key:
          :
          Fingerprint:
          1024 e4:35:6a:45:b4:f7:e8:ce:b0:b9:82:80:2e:73:33:c4 /etc/ssh/ssh_host_rsa_key.pub
          DSA key:
          :
          Fingerprint:
          1024 9e:39:8e:cb:8a:99:ff:b4:45:12:04:2d:39:d3:28:15 /etc/ssh/ssh_host_dsa_key.pub
  1. For security reasons, XCP 3090 cannot use some of the encryption algorithms used for SSH connections.
    If an SSH connection fails, update the client and server at the SSH connection destination, or change their settings.
    - Encryption algorithms that cannot be used for SSH connection by XCP 3090 or later

    aes128-cbc, aes192-cbc, aes256-cbc
    - Encryption algorithms that can be used for SSH connection by XCP 3090 or later

    aes128-ctr, aes192-ctr, aes256-ctr
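
Both fingerprint formats in the display example above can be derived from the same public key, which is useful for confirming that a host key is unchanged when the showssh display switches format at XCP 3100. The Python below is an added example, not part of the original notes or of XSCF; it assumes the display follows the OpenSSH convention (MD5 of the key blob in colon-separated hex before, unpadded base64 SHA-256 after), and `fingerprints`, `constructed_rsa_line` and the sample key built from a made-up modulus are hypothetical.

```python
import base64
import hashlib
import struct

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length, then that many bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def fingerprints(pubkey_line):
    """Return (bits, md5_hex, sha256_b64, key_type) for an OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype.decode() != fields[0]:
        raise ValueError("key type does not match blob")
    if ktype == b"ssh-rsa":                 # blob layout: type, e, n
        _, off = _read_string(blob, off)
        num, _ = _read_string(blob, off)
    elif ktype == b"ssh-dss":               # blob layout: type, p, q, g, y
        num, _ = _read_string(blob, off)
    else:
        raise ValueError("unsupported key type")
    bits = int.from_bytes(num, "big").bit_length()
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_hex = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, md5_hex, "SHA256:" + sha, ktype.decode()

def _wire(b):
    return struct.pack(">I", len(b)) + b

def constructed_rsa_line(bits=2048):
    """Build a well-formed ssh-rsa line from a made-up modulus (constructed, not a real key)."""
    n = (1 << (bits - 1)) | 0x10001                    # constructed value, top bit set
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")   # mpint: leading 0 keeps it positive
    e_bytes = (65537).to_bytes(3, "big")
    blob = _wire(b"ssh-rsa") + _wire(e_bytes) + _wire(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    bits, old, new, _ = fingerprints(constructed_rsa_line())
    print("XCP 3090 or earlier style:", bits, old)
    print("XCP 3100 or later style:  ", bits, new, "no comment (RSA)")
```

To compare against a real system, pass a line from a `known_hosts` entry (without the host field) or a `.pub` file in place of the constructed sample.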