[Soekris] Hi/fn cards and SSH...
Gabe E. Nydick
gnydick-soekris at nydick.net
Sat Mar 17 14:53:13 UTC 2007
This is not a solution, this is a workaround by disabling
functionality. I want ssh crypto in hardware, I want compression in
hardware. You need all the cycles you can spare on a 586 equiv.
You can also leave it enabled and just use crypto schemes that aren't
supported on the card, like blowfish-cbc, but that's not as secure as
3des, I believe.
- G
Exo cat wrote:
> On Fri, 2007-03-16 at 13:56 +0000, Stuart Henderson wrote:
>
>
>> using sysctl 'kern.usercrypto=0' (see /etc/sysctl.conf) will allow
>> the card to be used for IPsec which doesn't have reported problems,
>> and disable it for userland which does.
>>
>
> This is actually the very first time I know of that someone has come up
> with a simple and unambiguous solution to this long-standing issue (as
> the Soekris archives will testify). Thanks.
>
> Bill
>
>
>> _______________________________________________
>> Soekris-tech mailing list
>> Soekris-tech at lists.soekris.com
>> http://lists.soekris.com/mailman/listinfo/soekris-tech
>>
>>
>
> _______________________________________________
> Soekris-tech mailing list
> Soekris-tech at lists.soekris.com
> http://lists.soekris.com/mailman/listinfo/soekris-tech
>
More information about the Soekris-tech
mailing list