Re: bin/49297: openssh update broke sshd

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/49297: openssh update broke sshd
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 21 Oct 2014 13:15:00 +0000 (UTC)

The following reply was made to PR bin/49297; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/49297: openssh update broke sshd
Date: Tue, 21 Oct 2014 15:10:08 +0200

 On Tue, Oct 21, 2014 at 09:02:17AM -0400, Christos Zoulas wrote:
 > Yes, they removed a whole bunch of ciphers because they are not supporting
 > them anymore. We could either consider bringing them back, or you need to
 > upgrade your windows ssh to something newer.
 
 Indeed, and the log messages were only partly helpfull (the cipher string
 was loged, but the key exchange I had to trial&error).
 
 For the record, adding this to /etc/ssh/sshd_conf worked around it for me:
 
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm%openssh.com@localhost,aes256-gcm%openssh.com@localhost,chacha20-poly1305%openssh.com@localhost,aes128-cbc
 
 KexAlgorithms curve25519-sha256%libssh.org@localhost,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 
 
 I wonder how we best should document the issue to avoid folks locking them
 out accidently on update.
 
 Martin

Follow-Ups:
- Re: bin/49297: openssh update broke sshd
  - From: Christos Zoulas

Prev by Date: Re: bin/49297 (openssh update broke sshd)
Next by Date: Re: misc/47645 (/etc/daily and /etc/security may use wrong pkg_admin)
Previous by Thread: Re: bin/49297: openssh update broke sshd
Next by Thread: Re: bin/49297: openssh update broke sshd
Indexes:

Home | Main Index | Thread Index | Old Index