We needed to enale the CBC ciphers and the *-SHA1 Key exchange
algorithms as well,
but that's a run time change. I didn't know that there was more to be done.
Darren Tucker wrote:
On Wed, Jul 29, 2015 at 12:41 PM, Jeff Wieland <wieland@xxxxxxxxxx
<mailto:wieland@xxxxxxxxxx>> wrote:
[...]
Making this change works great for me
Damien beat me to to it and the diff has already been committed and
will be in 7.0.
-- one of the three pieces need to allow the ssh
(and scp) clients on Cisco devices to talk to OpenSSH 6.9p1.
I'm aware of one other (the one where Ciscos choke on large DH-GEX
requests[1]). What's the third (or other two, if there's something else)?
[1]
https://anongit.mindrot.org/openssh.git/commit/?id=b282fec1aa05246ed3482270eb70fc3ec5f39a00
--
Darren Tucker (dtucker at zip.com.au <http://zip.com.au>)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev