Cisco vs. 6.9
Darren Tucker
dtucker at zip.com.au
Wed Jul 29 09:23:43 AEST 2015
On Tue, Jul 28, 2015 at 04:20:34PM +0000, Kash, Howard M CIV USARMY ARL (US) wrote:
> > Turns out the problem is the new protocol extension for sending host keys
> to
> > the client after user authentication (section 2.5 of the PROTOCOLS
> > document). Commenting out the notify_hostkeys() call in sshd.c fixes the
> > issues with Cisco scp. Maybe a new bug compatibility flag in on order to
> > add to the "Cisco-1.*" client string that was added in 6.9?
>
> There's already a flag... just need to add SSH_BUG_HOSTKEYS to "Cisco-1.*"
> in compat.c.
Like so?
Index: compat.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/compat.c,v
retrieving revision 1.95
diff -u -p -r1.95 compat.c
--- compat.c 13 Jul 2015 04:57:14 -0000 1.95
+++ compat.c 28 Jul 2015 23:22:07 -0000
@@ -150,7 +150,7 @@ compat_datafellows(const char *version)
"1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG },
- { "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
+ { "Cisco-1.*", SSH_BUG_DHGEX_LARGE|SSH_BUG_HOSTKEYS },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list