>Number:         14200
>Category:       bin
>Synopsis:       "ssh" ignores "CompressionLevel" setting when "Protocol 2" is selected.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 09 14:01:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Frederick Bruckman
>Release:        NetBSD 1.5.2
>Organization:

Frederick
>Environment:
	
System: NetBSD tautology.immanent.net 1.5.2 NetBSD 1.5.2 (TAUTOLOGY) #0:
Sun Aug 19 10:06:34 CDT 2001 fredb@tautology.immanent.net:
/usr/src/sys/arch/i386/compile/TAUTOLOGY i386


>Description:
	
	If "ssh" selects SSHv2, and compression is on, the compression
	level is always set to the default value of "6", regardless of any
	settings in ~/.ssh/config.  No problem with SSHv1. The same problem
	occurs, by the way, with the package version (OpenSSH_2.5.1p2) on
	a 1.4.3 host.

>How-To-Repeat:
	
	Start with an ~/.ssh/config such as the following:

	Host                    *
	Cipher                  blowfish
	Ciphers blowfish-cbc,3des-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
	Compression             yes
	CompressionLevel        3
	ForwardAgent            no
	ForwardX11              no
	GatewayPorts            no
	Protocol                2,1
	RhostsAuthentication    no
	RhostsRSAAuthentication no

	Pick any host running "sshd", and see what happens when you reverse
	the order of the preferred protocol. With v1, "ssh -v ..." says:

	debug: Requesting compression at level 3.
	debug: Enabling compression at level 3.

	but with v2:

	debug: Enabling compression at level 6.

>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: