Cisco vs. 6.9
Jeff Wieland
wieland at purdue.edu
Wed Jul 29 14:11:54 AEST 2015
We needed to enale the CBC ciphers and the *-SHA1 Key exchange
algorithms as well,
but that's a run time change. I didn't know that there was more to be done.
Darren Tucker wrote:
> On Wed, Jul 29, 2015 at 12:41 PM, Jeff Wieland <wieland at purdue.edu
> <mailto:wieland at purdue.edu>> wrote:
> [...]
>
> Making this change works great for me
>
>
> Damien beat me to to it and the diff has already been committed and
> will be in 7.0.
>
> -- one of the three pieces need to allow the ssh
> (and scp) clients on Cisco devices to talk to OpenSSH 6.9p1.
>
>
> I'm aware of one other (the one where Ciscos choke on large DH-GEX
> requests[1]). What's the third (or other two, if there's something else)?
>
> [1]
> https://anongit.mindrot.org/openssh.git/commit/?id=b282fec1aa05246ed3482270eb70fc3ec5f39a00
> --
> Darren Tucker (dtucker at zip.com.au <http://zip.com.au>)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
More information about the openssh-unix-dev
mailing list