Cisco vs. 6.9

Darren Tucker dtucker at zip.com.au
Wed Jul 29 09:23:43 AEST 2015


On Tue, Jul 28, 2015 at 04:20:34PM +0000, Kash, Howard M CIV USARMY ARL (US) wrote:
> > Turns out the problem is the new protocol extension for sending host keys to
> > the client after user authentication (section 2.5 of the PROTOCOLS
> > document).  Commenting out the notify_hostkeys() call in sshd.c fixes the
> > issues with Cisco scp.  Maybe a new bug compatibility flag is in order to
> > add to the "Cisco-1.*" client string that was added in 6.9?
> 
> There's already a flag... just need to add SSH_BUG_HOSTKEYS to "Cisco-1.*"
> in compat.c.

Like so?

Index: compat.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/compat.c,v
retrieving revision 1.95
diff -u -p -r1.95 compat.c
--- compat.c	13 Jul 2015 04:57:14 -0000	1.95
+++ compat.c	28 Jul 2015 23:22:07 -0000
@@ -150,7 +150,7 @@ compat_datafellows(const char *version)
 		  "1.2.22*",		SSH_BUG_IGNOREMSG },
 		{ "1.3.2*",		/* F-Secure */
 					SSH_BUG_IGNOREMSG },
-		{ "Cisco-1.*",		SSH_BUG_DHGEX_LARGE },
+		{ "Cisco-1.*",		SSH_BUG_DHGEX_LARGE|SSH_BUG_HOSTKEYS },
 		{ "*SSH Compatible Server*",			/* Netscreen */
 					SSH_BUG_PASSWORDPAD },
 		{ "*OSU_0*,"
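
Review bot: The changed "Cisco-1.*" entry has no comment saying why either flag is set, unlike the F-Secure and Netscreen entries around it; a short note that these clients fail on the host key notification sent after user authentication (section 2.5, as cited in the thread) would help whoever next revisits this table. The pattern also matches every client identifying as Cisco-1.*, while the report in this thread concerns Cisco scp, so it is worth confirming that notify_hostkeys() in sshd.c checks SSH_BUG_HOSTKEYS before sending, and stating in the commit message that matching clients will simply no longer be told about the server's additional host keys.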

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list