On 28 December 2017 at 21:45, Marko Cupać <marko.cu...@mimar.rs> wrote: [...]
> I saw this in auth.log:
> Protocol major versions differ for 192.168.223.1 port 45187:
> SSH-2.0-OpenSSH_7.6 vs. SSH-1.99-Cisco-1.25

That's a bug in the Cisco implementation. RFC4253 section 4.2 says the
protocol version MUST be 2.0. 5.1 defines "1.99" as a backward
compatibility alias for servers that speak both 1.5 and 2.0 protocols,
but it is not specified for a client. sshd used to accept it but it
probably shouldn't have (see
https://bugzilla.mindrot.org/show_bug.cgi?id=2810).

> I started passing different cipher options to ssh client on cisco, and
> finally managed to connect to OpenBSD 6.2 with:
>
> ssh -v 2 -c aes256-ctr -m hmac-sha1-160 IP.ADD.RE.SS

On Unix systems you can put the equivalent Ciphers and MACs directives
into ~/.ssh/config under a Host for that device to save you having to
remember it. I don't know if your Cisco has any equivalent.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
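The version rule described in the reply above, as an added example (not code from OpenSSH or from either poster): it parses identification strings in the RFC 4253 section 4.2 format and accepts the "1.99" alias only from a server. The function names, the log-line regex (modelled on the quoted auth.log message, assuming the peer's banner is the second one) and the sample line are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# Lenient on softwareversion: the banner in the quoted log contains '-' there.
BANNER = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Assumed shape of the sshd message quoted above: local banner first, peer's second.
LOG = re.compile(
    r"Protocol major versions differ for (?P<ip>\S+) port (?P<port>\d+): "
    r"(?P<local>SSH-\S+) vs\. (?P<remote>SSH-\S+)"
)

# Constructed sample: the auth.log text from the post joined onto one line.
SAMPLE = ("Protocol major versions differ for 192.168.223.1 port 45187: "
          "SSH-2.0-OpenSSH_7.6 vs. SSH-1.99-Cisco-1.25")


def check_banner(banner, role):
    """Return (ok, reason) for a banner sent by a peer acting as 'client' or 'server'."""
    line = banner.rstrip("\r\n")
    if len(line) + 2 > 255:  # RFC 4253 4.2: at most 255 characters including CR LF
        return False, "identification string too long"
    m = BANNER.match(line)
    if not m:
        return False, "not an SSH identification string"
    proto = m["proto"]
    if proto == "2.0":
        return True, "protocol 2.0"
    if proto == "1.99":
        # Section 5.1 defines 1.99 for servers that also speak the old protocol.
        if role == "server":
            return True, "1.99 compatibility alias from a server"
        return False, "1.99 is defined for servers, not clients"
    return False, "unsupported protocol version " + proto


def explain_log_line(line):
    """Classify the peer banner in a 'versions differ' log line, or return None."""
    m = LOG.search(line)
    if not m:
        return None
    ok, reason = check_banner(m["remote"], "client")  # sshd's peer is the client
    return {"peer": m["ip"] + ":" + m["port"], "banner": m["remote"],
            "ok": ok, "reason": reason}


if __name__ == "__main__":
    print(explain_log_line(SAMPLE))
```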