Cisco vs. 6.9

Malcolm opensshdev at r.paypc.com
Fri Jul 24 14:24:32 AEST 2015


Quoting "Kash, Howard M CIV USARMY ARL (US)" <howard.m.kash.civ at mail.mil>:
 
> After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
> switches/routers can no longer scp config files to/from the system.  The
> last debug entry before the Cisco device closes the connection is "debug1:
> server_input_channel_open: confirm session". 

Many aging ciphers, hashes, and key exchanges are in the process of being
retired.  <1kbit Diffie-Hellman moduli have been removed as well in 6.9, I
believe.

If the Ciscos rely on <1kbit DH moduli or SHA1/MD5 hash based proposals to
work, that could be your problem.

A comparison of the two versions' output from: (ssh -Q kex ; ssh -Q mac ; ssh
-Q cipher) MAY help narrow it down, but I think you'll need to enable protocol
debug logging on the server side and see which proposals the Cisco is using
that are no longer available in 6.9 (by default).  You may just need to
add two or three lines to 6.9's sshd_config file, i.e.,
KexAlgorithms/MACs/Ciphers.

If it's a modulus size issue, you can use the moduli file from the 6.7 release
in 6.9, though the small moduli have been removed for good reason.

It's a good reminder for all of us to re-inventory key exchanges, MACs,
ciphers, for all of the core services that need suitable information security.
I've been amazed at how much cruft has accumulated in OpenSSL, and how many
downstream clients have inherited so much "bad" code for so long as a result.

Building OpenSSH without OpenSSL at all would be great, except I'd kill ssh
access for everyone but my development and system engineers. :/ (The dream of
curve25519-sha256/chacha20-poly1305-for-all is still a pipe dream for many.) 

Happy hunting!

=R=
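The narrowing-down step above (compare what the peer proposes against what the local OpenSSH offers via ssh -Q) as an added shell example; this is not code from the thread or from the OpenSSH project. It assumes you have copied the peer's comma-separated algorithm list from the sshd debug output (sshd -d), and the SSH_Q_OVERRIDE variable is a constructed hook so the script can run offline.

```shell
#!/bin/sh
# Added example (not part of the original thread): list the algorithms a peer
# proposed that the local OpenSSH does not offer for a given query type.
#
# Usage: missing_algs <kex|mac|cipher> "<comma-separated proposal list>"
# The proposal list is copied from the server-side debug output (sshd -d),
# where the peer's KEXINIT proposals are printed as comma-separated names.

# Print the locally supported algorithms for one query type (kex, mac, cipher).
# Uses `ssh -Q`; SSH_Q_OVERRIDE (a constructed hook for offline use) supplies
# a newline-separated list instead when set.
local_algs() {
    if [ -n "${SSH_Q_OVERRIDE:-}" ]; then
        printf '%s\n' "$SSH_Q_OVERRIDE"
    else
        ssh -Q "$1"
    fi
}

# Emit, one per line, each proposed algorithm absent from the local list.
# Whatever it prints is what would have to be re-enabled in sshd_config
# (KexAlgorithms / MACs / Ciphers) for the peer to keep connecting.
missing_algs() {
    type=$1
    proposal=$2
    supported=$(local_algs "$type")
    printf '%s\n' "$proposal" | tr ',' '\n' | while IFS= read -r alg; do
        [ -z "$alg" ] && continue
        # -x: whole-line match, -F: treat names like ecdh-sha2-nistp256 literally
        if ! printf '%s\n' "$supported" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
        fi
    done
}

# Example invocation with a constructed peer proposal (run against the real
# ssh -Q output when SSH_Q_OVERRIDE is unset):
# missing_algs kex "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1"
```

Run it once per query type (kex, mac, cipher) with the corresponding proposal line from the debug log.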
