Re: Cisco vs. 6.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, Jul 28, 2015 at 04:20:34PM +0000, Kash, Howard M CIV USARMY ARL (US) wrote:
> > Turns out the problem is the new protocol extension for sending host keys
> to
> > the client after user authentication (section 2.5 of the PROTOCOLS
> > document).  Commenting out the notify_hostkeys() call in sshd.c fixes the
> > issues with Cisco scp.  Maybe a new bug compatibility flag in on order to
> > add to the "Cisco-1.*" client string that was added in 6.9?
> 
> There's already a flag... just need to add SSH_BUG_HOSTKEYS to "Cisco-1.*"
> in compat.c.

Like so?

Index: compat.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/compat.c,v
retrieving revision 1.95
diff -u -p -r1.95 compat.c
--- compat.c	13 Jul 2015 04:57:14 -0000	1.95
+++ compat.c	28 Jul 2015 23:22:07 -0000
@@ -150,7 +150,7 @@ compat_datafellows(const char *version)
 		  "1.2.22*",		SSH_BUG_IGNOREMSG },
 		{ "1.3.2*",		/* F-Secure */
 					SSH_BUG_IGNOREMSG },
-		{ "Cisco-1.*",		SSH_BUG_DHGEX_LARGE },
+		{ "Cisco-1.*",		SSH_BUG_DHGEX_LARGE|SSH_BUG_HOSTKEYS },
 		{ "*SSH Compatible Server*",			/* Netscreen */
 					SSH_BUG_PASSWORDPAD },
 		{ "*OSU_0*,"

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux