Key exchange/selection badly broken in SNAP1014? [works]

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sat Oct 14 21:19:01 EST 2000


On Sat, Oct 14, 2000 at 01:06:55PM +0300, Pekka Savola wrote:
> On Sat, 14 Oct 2000, Damien Miller wrote:
> 
> > On Sat, 14 Oct 2000, Pekka Savola wrote:
> > 
> > > Hello all,
> > > 
> > > It seems the overhaul on key exchange/selection broke it badly.  I
> > > haven't managed to use any other encryption method than 3des and
> > > blowfish when connecting to SNAP -> SNAP.  SNAP -> 2.2.0p1 will use
> > > arcfour etc. quite cleanly.
> > 
> > Snap->snap works fine for me:
> <snip>
> 
> Oh.  I see that 'Cipher' only supports 3des/blowfish, while Ciphers is
> meant for SSH2 operation.  Should there be a note, like, 'This is meant to
> be used with SSH1 protocol' on the man page?

i'll fix this, too.

> There are a few other issues:
> 
> 1) if you connect using 'ssh otherhost' rather than 'ssh
> otherhost.yourdomain', now OpenSSH will add second host key 'otherhost' to
> known_hosts2.  Before, it wouldn't do that.  Is this intentional?

i removed the canonicalization of the given hostname due to popular
demand. perhaps this should be noted in the snapshot changelog.

> 2) 'ssh -h' prints out:
> 
>   -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
> 
> I'm not sure if it's better to say check the man page for algorithms or
> make a bigger list here.  Also, the man page doesn't mention aes or
> rijndael.

yes, this needs to be fixed.
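A check for the known_hosts2 side effect raised in item 1, as an added example that is not part of the original message or of OpenSSH: it lists short names that also appear under a fully qualified name and reports whether both entries carry the same key. The hostnames and key blobs are constructed, and the usual one-entry-per-line known_hosts layout (names, key type, base64 key) is assumed.

```python
from collections import defaultdict

# Constructed sample in known_hosts layout: "names keytype base64key [comment]".
# Hostnames and key blobs are made up for illustration.
SAMPLE = """\
# constructed sample
otherhost.yourdomain ssh-dss AAAAB3NzaC1kc3MAAACBAKEY1
otherhost ssh-dss AAAAB3NzaC1kc3MAAACBAKEY1
mail.yourdomain,192.0.2.10 ssh-dss AAAAB3NzaC1kc3MAAACBAKEY2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABKEY3
build ssh-dss AAAAB3NzaC1kc3MAAACBAKEY4
build.yourdomain ssh-dss AAAAB3NzaC1kc3MAAACBAKEY5
"""


def parse_entries(text):
    """Yield (hostname, keytype, key) for every plain hostname on every line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        # Skip malformed lines and hashed hostnames, which cannot be compared.
        if len(fields) < 3 or fields[0].startswith("|"):
            continue
        for name in fields[0].split(","):
            yield name.lower(), fields[1], fields[2]


def short_fqdn_pairs(text):
    """Return (short, fqdn, status) for short names that also have an FQDN entry."""
    keys = defaultdict(set)  # hostname -> {(keytype, key)}
    for name, ktype, key in parse_entries(text):
        keys[name].add((ktype, key))
    report = []
    for short in sorted(n for n in keys if "." not in n):
        for fqdn in sorted(n for n in keys if n.startswith(short + ".")):
            # same-key: duplicate entry caused by the un-canonicalized name.
            # different-key: the two names do not share a key; verify the host.
            status = "same-key" if keys[short] & keys[fqdn] else "different-key"
            report.append((short, fqdn, status))
    return report


if __name__ == "__main__":
    for row in short_fqdn_pairs(SAMPLE):
        print(*row)
```

A `different-key` row means the short name and the qualified name were accepted with different host keys, which is worth confirming against the server's real fingerprint.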
