[Bug 2209] Problem logging into Cisco devices under 6.5p1 (kexgexc.c)
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 7 12:54:17 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2209
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
The problem is Cisco does not correctly implement RFC4419, specifically
when asked for a preferred group size larger than its largest group it
fails rather than returning a group it does have that's within the
allowed min/max bounds.
There's been some discussion on the mailing list:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/032037.html
http://lists.mindrot.org/pipermail/openssh-unix-dev/2014-February/032177.html
Non-code workaround: "KexAlgorithms
diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" in
~/.ssh/config for the device in question.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list