Project

General

Profile

Feature #5283

SunSSH client kex algorithms incompatible with OpenSSH 6.7 server by default

Added by Lauri Tirkkonen over 5 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
cmd - userland programs
Start date:
2014-11-04
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

SunSSH client cannot connect to an OpenSSH 6.7 sshd with default settings (eg. OpenBSD 5.6) due to tightened defaults:

% ssh openbsd56machine
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server ',ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'

sshd_config changes can work around this of course.


Related issues

Related to illumos gate - Feature #5414: sunssh crypto modernization, pt. 1Closed2014-12-08

Actions

History

#1

Updated by Preston Marshall about 5 years ago

It looks like this is going to require adding support for some key exchange algorithms in SunSSH, which I'm not sure is a minor task. I ran across this issue trying to secure my SSH client on OS X, as SunSSH only supports a few key exchange algorithms, all of which this recommends disabling.

#2

Updated by Lauri Tirkkonen about 5 years ago

Preston Marshall wrote:

It looks like this is going to require adding support for some key exchange algorithms in SunSSH, which I'm not sure is a minor task. I ran across this issue trying to secure my SSH client on OS X, as SunSSH only supports a few key exchange algorithms, all of which this recommends disabling.

As I understand it some work is already being done in #5414. There's been some discussion on the developer list too.

#3

Updated by Yuri Pankov about 3 years ago

  • Status changed from New to Feedback

SunSSH is no more, nothing to fix?

#4

Updated by Lauri Tirkkonen about 3 years ago

  • Status changed from Feedback to Closed

Yuri Pankov wrote:

SunSSH is no more, nothing to fix?

Right.

Also available in: Atom PDF