On Mon, 25 Dec 2017 15:06:34 +0100 "Peter N. M. Hansteen" <pe...@bsdly.net> wrote:
> On 12/25/17 11:13, Marko Cupać wrote:
> > Hi,
> >
> > I noticed I can't ssh from cisco router running IOS 15.X to OpenBSD
> > 6.2. No problem with 6.1.
> >
> > Anyone else with this problem? Any idea how to solve it or where to
> > start digging?
>
> I'd start by looking for messages in /var/log/authlog on the OpenBSD
> machine, and if possible running with ssh -v or -vv (I forget how many
> you can usefully put in, or if the Cisco boxes even use the same
> options) to get more detail on what happens.
>
> My hunch is that you will be looking at resolving a gap in ciphers
> offered as available at either end. Newer ssh versions have
> incrementally dropped or disabled by default the unsafe ones, but
> increasing the message verbosity will point you in the right
> direction.

Hi,

thanks for pointing me to auth.log, I never have problems with ssh, so
I don't have the habit of checking auth.log - I was looking at messages
and daemon logs.

I saw this in auth.log:

    Protocol major versions differ for 192.168.223.1 port 45187: SSH-2.0-OpenSSH_7.6 vs. SSH-1.99-Cisco-1.25

I started passing different cipher options to ssh client on cisco, and
finally managed to connect to OpenBSD 6.2 with:

    ssh -v 2 -c aes256-ctr -m hmac-sha1-160 IP.ADD.RE.SS

Regards,
-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
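
Added example, not part of the original message: a scan of sshd log lines for the "Protocol major versions differ" entry quoted in the mail above, reporting each peer and the protocol version its banner advertised. The syslog prefixes and the second sample line are constructed, the function names are hypothetical, and the second banner on the line is assumed to be the peer's, as it is in the quoted entry.

```python
import re

# The sshd message quoted in the mail; any syslog prefix in front of it is ignored.
MISMATCH = re.compile(
    r"Protocol major versions differ for (?P<peer>\S+) port (?P<port>\d+): "
    r"(?P<local>SSH-\S+) vs\. (?P<remote>SSH-\S+)"
)
# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion
BANNER = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)$")

# Constructed sample: prefixes and the second line are made up, the message is from the mail.
SAMPLE_LOG = [
    "Dec 25 15:20:01 gw sshd[4242]: Protocol major versions differ for "
    "192.168.223.1 port 45187: SSH-2.0-OpenSSH_7.6 vs. SSH-1.99-Cisco-1.25",
    "Dec 25 15:21:10 gw sshd[4250]: Accepted publickey for admin from "
    "192.0.2.10 port 50022 ssh2",
]


def parse_banner(banner):
    """Split an SSH identification string into (protoversion, softwareversion)."""
    m = BANNER.match(banner)
    if m is None:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    return m.group("proto"), m.group("software")


def find_version_mismatches(lines):
    """Return one dict per 'Protocol major versions differ' entry in lines."""
    hits = []
    for line in lines:
        m = MISMATCH.search(line)
        if m is None:
            continue
        proto, software = parse_banner(m.group("remote"))
        hits.append({
            "peer": m.group("peer"),
            "port": int(m.group("port")),
            "remote_proto": proto,
            "remote_software": software,
            # RFC 4253 section 5.1 defines "1.99" as the banner of a server
            # that also accepts pre-2.0 clients.
            "legacy_compat_banner": proto == "1.99",
        })
    return hits


if __name__ == "__main__":
    for hit in find_version_mismatches(SAMPLE_LOG):
        print(hit)
```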