Key exchange/selection badly broken in SNAP1014? [works]
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Sat Oct 14 21:19:01 EST 2000
On Sat, Oct 14, 2000 at 01:06:55PM +0300, Pekka Savola wrote:
> On Sat, 14 Oct 2000, Damien Miller wrote:
>
> > On Sat, 14 Oct 2000, Pekka Savola wrote:
> >
> > > Hello all,
> > >
> > > It seems the overhaul on key exchange/selection broke it badly. I
> > > haven't managed to use any other encryption method than 3des and
> > > blowfish when connecting to SNAP -> SNAP. SNAP -> 2.2.0p1 will use
> > > arcfour etc. quite cleanly.
> >
> > Snap->snap works fine for me:
> <snip>
>
> Oh. I see that 'Cipher' only supports 3des/blowfish, while Ciphers is
> meant for SSH2 operation. Should there be a note, like, 'This is meant to
> be used with SSH1 protocol' on the man page?
i'll fix this, too.
> There are a few other issues:
>
> 1) if you connect using 'ssh otherhost' rather than 'ssh
> otherhost.yourdomain', now OpenSSH will add second host key 'otherhost' to
> known_hosts2. Before, it wouldn't do that. Is this intentional?
i removed the canonicalization of the given hostname due to popular
demand. perhaps this should be noted in the snapshot changelog.
> 2) 'ssh -h' prints out:
>
> -c cipher Select encryption algorithm: ``3des'', ``blowfish''
>
> I'm not sure if it's better to say check the man page for algorithms or
> make a bigger list here. Also, the man page doesn't mention aes or
> rijndael.
yes, this needs to be fixed.
More information about the openssh-unix-dev
mailing list