OpenSSH 6.4 connection to Cisco 6506 routers/switches fails

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 9 06:40:31 EST 2014


[re: http://marc.info/?l=openssh-unix-dev&m=138920224702016&w=2 and
previous discussion]

On 01/08/2014 12:30 PM, mikep at noc.utoronto.ca wrote:
> On Wed, 8 Jan 2014, Loganaden Velvindron <loganaden at gmail.com> wrote:
>> On Tue, Dec 24, 2013 at 12:52 AM,  <mikep at noc.utoronto.ca> wrote:
>>>  It turns out the Cisco SSH server only supports a limited set of
>>> ciphers (this is documented sort-of by Cisco, and is displayed when
>>> you try to force a non-supported cipher).
>>
>> That's short-sighted coming from them.
>>
>> I have tested and I have the same problem with the latest snapshot.
>> This is very annoying.
>>
>> Do you have a ticket number where I can also chip in?
> 
> I have no access to open Cisco tickets, and our local router person who
> does is still away (like most universities, we've been closed for the
> past few weeks).
> 
> I'll talk to him when he gets back, but agree this is very annoying.

fwiw, one of the co-chairs of the IRTF's Crypto Forum Research Group is
David McGrew, who works for Cisco:

 https://www.irtf.org/cfrg

I'm cc'ing David here, because i figure he would be interested in
hearing this concern about cryptographic choices in Cisco's products,
though i don't know whether his position within Cisco gives him the
ability to address the situation.  At the very least, i figure he'd want
to be aware of it.

Regards,

	--dkg

