Cisco vs. 6.9

mikep at noc.utoronto.ca mikep at noc.utoronto.ca
Fri Jul 24 22:10:59 AEST 2015


> After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
> switches/routers can no longer scp config files to/from the system.  The
> last debug entry before the Cisco device closes the connection is "debug1:
> server_input_channel_open: confirm session".  The next line is "Connection
> closed by x.x.x.x".  Anyone else seen this or know of a fix?  The Cisco
> device gives "Undefined error" when scp'ing a config file from the server,
> and "Permission denied" (probably not the correct error message) when
> scp'ing a file to the server.  Works fine after reverting to 6.7.  Cisco
> device is running IOS 15.1(2).

We don't use 'scp' but regular 'ssh' started failing with OpenSSH 6.8.
Here's the config in 'ssh_config' that works for us:

Host <list of router names / patterns here>
   ForwardAgent no
   ForwardX11 no
   ForwardX11Trusted no
   Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
   KexAlgorithms diffie-hellman-group1-sha1

Mike
--
Mike Peterson                            Information Security Analyst - Audit
E-mail: mikep at noc.utoronto.ca                WWW: http://www.noc.utoronto.ca/
Tel: 416-978-5230                                           Fax: 416-978-6620
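
The config above limits the older ciphers and key exchange to a Host list of routers. The following is an added example, not part of the original message or of OpenSSH: a Python check that reports where an ssh_config enables CBC ciphers or diffie-hellman-group1-sha1, and whether that happens for all hosts instead of a named list. The function names and the sample config (including its host names) are constructed for illustration.

```python
import re

LEGACY_KEX = {"diffie-hellman-group1-sha1"}   # from the posted workaround

def is_legacy(keyword, alg):
    """CBC-mode ciphers and group1 key exchange, as in the posted config."""
    if keyword == "kexalgorithms":
        return alg in LEGACY_KEX
    return alg.endswith("-cbc")

def audit(config_text):
    """Return (scope, keyword, algorithm, is_global) per legacy algorithm."""
    findings = []
    scope = ["*"]   # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            scope = value.split()
        elif keyword == "match":
            scope = ["*"] if value.lower() == "all" else ["Match " + value]
        elif keyword in ("ciphers", "kexalgorithms"):
            if value.startswith("-"):      # "-list" removes algorithms
                continue
            for alg in value.lstrip("+^").split(","):
                if is_legacy(keyword, alg.strip()):
                    findings.append((" ".join(scope), keyword, alg.strip(), "*" in scope))
    return findings

def global_findings(config_text):
    """Legacy algorithms enabled for all hosts rather than a named list."""
    return [f for f in audit(config_text) if f[3]]

# Constructed sample: host names are placeholders, not from the original post.
SAMPLE = """\
Host core-rtr-* edge-sw-01
   Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
   KexAlgorithms diffie-hellman-group1-sha1

Host *
   KexAlgorithms=+diffie-hellman-group1-sha1
   Ciphers aes128-ctr,aes256-ctr
"""
```

Calling global_findings(SAMPLE) returns only the entry under "Host *"; the router-scoped block is reported by audit(SAMPLE) with is_global set to False.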


More information about the openssh-unix-dev mailing list