On Mon, 25 Dec 2017 15:06:34 +0100
"Peter N. M. Hansteen" <***@bsdly.net> wrote:
> On 12/25/17 11:13, Marko Cupać wrote:
> > Hi,
> > I noticed I can't ssh from cisco router running IOS 15.X to OpenBSD
> > 6.2. No problem with 6.1.
> > Anyone else with this problem? Any idea how to solve it or where to
> > start digging?
> I'd start by looking for messages in /var/log/authlog on the OpenBSD
> machine, and if possible running with ssh -v or -vv (I forget how many
> you can usefully put in, or if the Cisco boxes even use the same
> options) to get more detail on what happens.
> My hunch is that you will be looking at resolving a gap in ciphers
> offered as available at either end. Newer ssh versions have
> incrementally dropped or disabled by default the unsafe ones, but
> increasing the message verbosity will point you in the right
thanks for pointing me to auth.log, I never have problems with ssh, so
I don't have the habit of checking auth.log - I was looking at messages
and daemon logs.
I saw this in auth.log:
Protocol major versions differ for 192.168.223.1 port 45187:
SSH-2.0-OpenSSH_7.6 vs. SSH-1.99-Cisco-1.25
I started passing different cipher options to ssh client on cisco, and
finally managed to connect to OpenBSD 6.2 with:
ssh -v 2 -c aes256-ctr -m hmac-sha1-160 IP.ADD.RE.SS
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.