On Jun 8, 2014, at 8:43 AM, Darren Tucker <dtucker@xxxxxxxxxx> wrote: > On Sat, Jun 7, 2014 at 7:23 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: > >> On Fri, 6 Jun 2014, Armin Wolfermann wrote: >> >> [...] >> Unfortunately, this a a bit confusing - some Match criteria only work >> after key exchange has completed. If users try something like >> >> Match user djm >> Ciphers aes128-cbc >> >> then it will never work. > > > Actually in this particular case you could probably force a rekeying as > soon as the username is received and make this work more or less as > expected. That'd work for Compression too. However, if the SSH client in question is broken (as it sounds like Mr Wolfermann's Android clients are) it will never get to a rekey stage as it will fail to do the initial connection. Just feels hokey to try and play with Ciphers and Macs in the Match. - Ben _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev