Stephen Hurd shurd at
Tue Apr 7 15:47:04 AEST 2015

Peter Gutmann wrote:
> Darren Tucker <dtucker at> writes:
>> That's a vendor-modified version of OpenSSH.  Assuming it corresponds to
>> what's in FreeBSD head, there's about a thousand lines of changes. 
> Ugh.
>> Can you reproduce the problem with an unmodified version from
>> Failing that, can you get the server-side debug output from a failing
>> connection (ie /path/to/sshd -ddd)?
> I've cc'd this to the person who reported it in case he can shed more light on
> the specifics, in the meantime here's the level 3 debug output that he
> provided me with (this was previously posted to a public mailing list so I'm
> assuming it's not sensitive):

The problem was originally reported via IRC against "a couple of different
Linux distros", and I found I could reproduce it with my FreeBSD 11 box, so
I added a local patch to work around it and sent it to the reporter, who
confirmed that it solved his issue.  I can try to find out the specific
distros, though I suspect they have vendor patches as well.

His system also had all the CBC ciphers disabled by default, including
the mandatory 3des-cbc and recommended aes128-cbc, so I suspect a
reaction to some padding oracle attack (I don't really keep up) was
involved on his systems.  It seems that Cryptlib only does CBC, so I had
to walk him through re-enabling those.
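The message above describes re-enabling CBC ciphers on a server whose sshd_config had them all removed, leaving the mandatory 3des-cbc and recommended aes128-cbc unavailable to a CBC-only client. As an added illustration (not code from the thread, cryptlib, or OpenSSH), the script below parses a constructed sshd_config fragment, reports which CBC ciphers the Ciphers directive carries and which of the two interoperability ciphers are missing, and builds a list that keeps the existing non-CBC preference order and appends the CBC entries last. The sample configuration and the helper names are assumptions made for the example; Match blocks and the OpenSSH default list are not modelled.

```python
import re

# The thread names these two as the mandatory and recommended SSH transport
# ciphers that a CBC-only client such as cryptlib needs to find in the offer.
MANDATORY_CIPHER = "3des-cbc"
RECOMMENDED_CIPHER = "aes128-cbc"

# Constructed sample configuration for the example; not taken from any real host.
SAMPLE_SSHD_CONFIG = """# constructed sshd_config fragment
Port 22
Protocol 2
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com   # CBC removed
"""


def parse_ciphers_directive(config_text):
    """Return the cipher list from the last top-level Ciphers line, or None.

    Keywords are case-insensitive in sshd_config; comments start at '#'.
    Match blocks are deliberately not handled in this illustration.
    """
    ciphers = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            ciphers = [c.strip() for c in parts[1].split(",") if c.strip()]
    return ciphers


def audit_ciphers(ciphers):
    """Split the offer into CBC and non-CBC entries and flag missing ones."""
    cbc = [c for c in ciphers if c.endswith("-cbc")]
    non_cbc = [c for c in ciphers if not c.endswith("-cbc")]
    missing = [c for c in (MANDATORY_CIPHER, RECOMMENDED_CIPHER) if c not in ciphers]
    return {"cbc": cbc, "non_cbc": non_cbc, "missing": missing}


def interoperable_list(ciphers):
    """Append the two CBC ciphers after the existing entries.

    Order matters in the SSH negotiation: the first client-preferred cipher
    that the server also lists wins, so listing CBC last keeps CTR/GCM for
    clients that support them and only falls back to CBC for CBC-only peers.
    """
    out = list(ciphers)
    for c in (RECOMMENDED_CIPHER, MANDATORY_CIPHER):
        if c not in out:
            out.append(c)
    return out


def directive_line(ciphers):
    """Render a Ciphers line suitable for pasting back into sshd_config."""
    return "Ciphers " + ",".join(ciphers)


if __name__ == "__main__":
    configured = parse_ciphers_directive(SAMPLE_SSHD_CONFIG)
    report = audit_ciphers(configured)
    print("configured CBC ciphers:", report["cbc"] or "none")
    print("missing for a CBC-only client:", report["missing"])
    print(directive_line(interoperable_list(configured)))
```

Running it on the sample prints that no CBC cipher is configured, that both 3des-cbc and aes128-cbc are missing, and a replacement Ciphers line with the two appended after the CTR/GCM entries.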

