[Bug 207679] r295367 import of OpenSSH drops support for some ciphers
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Mar 3 14:03:11 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207679
Bug ID: 207679
Summary: r295367 import of OpenSSH drops support for some
ciphers
Product: Base System
Version: 10.3-BETA2
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: mike at sentex.net
The import of the latest version of OpenSSH into RELENG_10 drops ciphers such
as aes128-cbc from the server. I had a few lightweight clients using
aes128-cbc (e.g alix boxes) to make use of the hardware crypto that broke as a
result.
e.g. from a client going to a host that has r295367 applied.
ssh -c aes128-cbc user at target.sentex.ca
no matching cipher found: client aes128-cbc server
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
and running sshd -ddd
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit:
curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
[preauth]
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
[preauth]
debug2: kex_parse_kexinit:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
Unable to negotiate with xx.yy.zz.146: no matching cipher found. Their
offer: aes128-cbc [preauth]
debug1: do_cleanup [preauth]
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list