Key exchange/selection badly broken in SNAP1014?

Damien Miller djm at mindrot.org
Sat Oct 14 19:51:50 EST 2000


On Sat, 14 Oct 2000, Pekka Savola wrote:

> Hello all,
> 
> It seems the overhaul on key exchange/selection broke it badly.  I
> haven't managed to use any other encryption method than 3des and
> blowfish when connecting to SNAP -> SNAP.  SNAP -> 2.2.0p1 will use
> arcfour etc. quite cleanly.

Snap->snap works fine for me:

[djm at mothra openssh]$ ssh -v -2 -o "Ciphers rijndael128-cbc,arcfour" mothra  
SSH Version OpenSSH_2.2.0p2, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /home/djm/.ssh/config
debug: cipher ok: rijndael128-cbc [rijndael128-cbc,blowfish-cbc]
debug: cipher ok: blowfish-cbc [rijndael128-cbc,blowfish-cbc]
debug: ciphers ok: [rijndael128-cbc,blowfish-cbc]
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to mothra [203.44.118.225] port 22.
debug: Seeding random number generator
debug: Allocated local port 973.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p2
debug: no match: OpenSSH_2.2.0p2
Enabling compatibility mode for protocol 2.0

debug: Local version string SSH-2.0-OpenSSH_2.2.0p2
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0 
debug: reserved: 0 
debug: done
debug: kex: server->client rijndael128-cbc hmac-sha1 zlib
debug: kex: client->server rijndael128-cbc hmac-sha1 zlib

-d

-- 
| ``The power of accurate observation is  | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who   | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org






More information about the openssh-unix-dev mailing list