[Bug 2209] Problem logging into Cisco devices under 6.5p1 (kexgexc.c)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed May 27 09:13:16 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2209

--- Comment #6 from Darren Tucker <dtucker at zip.com.au> ---
Someone was able to give me access to two Ciscos, one with the bug and
one without (thanks, Steinar!) and I was able to test the patch. 
Unfortunately they both have the same protocol banner, so we can't
selectively blacklist only the affected implementations.

$ ssh -vvv -o KexAlgorithms=diffie-hellman-group-exchange-sha1
cisco-with-bug
[...]
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
[...]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
Connection closed by 2001:67c:29f4::19

$ ssh -vvv -o KexAlgorithms=diffie-hellman-group-exchange-sha1 -c
aes256-cbc cisco-without-bug
[...]
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
[...]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2078/4096

With patch:
$ ssh -vvv -o KexAlgorithms=diffie-hellman-group-exchange-sha1
cisco-with-bug
[...]
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x40000000
[...]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2016/4096

$ ssh -vvv -o KexAlgorithms=diffie-hellman-group-exchange-sha1 -c
aes256-cbc cisco-without-bug
[...]
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x40000000
[...]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2087/4096

Looks like it works.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list