Cisco vs. 6.9

Jeff Wieland wieland at purdue.edu
Wed Jul 29 14:11:54 AEST 2015


We needed to enale the CBC ciphers and the *-SHA1 Key exchange 
algorithms as well,
but that's a run time change.  I didn't know that there was more to be done.

Darren Tucker wrote:
> On Wed, Jul 29, 2015 at 12:41 PM, Jeff Wieland <wieland at purdue.edu 
> <mailto:wieland at purdue.edu>> wrote:
> [...]
>
>     Making this change works great for me
>
>
> Damien beat me to to it and the diff has already been committed and 
> will be in 7.0.
>
>     -- one of the three pieces need to allow the ssh
>     (and scp) clients on Cisco devices to talk to OpenSSH 6.9p1.
>
>
> I'm aware of one other (the one where Ciscos choke on large DH-GEX 
> requests[1]).  What's the third (or other two, if there's something else)?
>
> [1] 
> https://anongit.mindrot.org/openssh.git/commit/?id=b282fec1aa05246ed3482270eb70fc3ec5f39a00
> -- 
> Darren Tucker (dtucker at zip.com.au <http://zip.com.au>)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.


-- 
           Jeff Wieland            |         Purdue University
    Network Systems Administrator  |        ITIS UNIX Platforms
        Voice: (765)496-8234       |        155 S. Grant Street
         FAX: (765)496-1380        |      West Lafayette, IN 47907



More information about the openssh-unix-dev mailing list