> hi Thomas, frankly, if the SSH server refused to start after the
> config was changed, it must have been broken which could probably happen
> with OpenSSH as well.

Yes, I figured that much =) I found the log which showed the error but it didn't give an exact enough message saying which part was wrong.

> on OpenSolaris, SunSSH on the server side does not support CBC
> ciphers in its default list, as described in sshd_config man page. It's
> been mentioned in other mails why and they can be easily enabled if
> needed. Before such change was done, I checked all existing SSH clients
> I could possibly find and realized that virtually all of them supported
> AES in the CTR mode or some of the RC4 modes. There were minor
> exceptions, an old and no longer maintained client for PalmOS, for example,
> and I filed one or two bugs against other implementations which I think
> were even fixed since then.

This makes more sense, I tried to add in the CBC ciphers.

> I also agree with others that using the shipped SSH client with
> the MacOS might be a good idea, I really don't like that your client
> needs the user's help with specifying what cipher to use. The client is
> the one that should know better. The server offers an *unordered* list
> of ciphers, and the client is the one that picks. The client should by
> default be willing to use only safe ciphers, and that's definitely not
> DES. The fact that it even allows you to use DES with SSH protocol 2
> seems very suspicious, it's not part of the SSH protocol at all, as
> mentioned by Bayard in another email.
>
> cheers, J.

Well, actually the "client" I'm using isn't a client at all, it's a bookmark system. It actually uses the default ssh client in OSX, it just lets you specify different settings and terminal window colors. It seems that the problem is that it doesn't have entries for all the ciphers. When I use the default client manually, I can choose the ciphers which work with OpenSolaris. I've contacted the person who writes the bookmark program (it's called JellyFiSSH, and it is super convenient so I hope I can get it working) and hopefully he will fix it or tell me how to manually change his options. As far as letting the client pick the right cipher...perhaps that is true.
I'll also include a note to the person who writes JellyFiSSH asking for it to not specify the cipher at all (or at least have an option).

Actually, all that happens when you use this program is this: you select a bookmark you've made, normally broken into categories, and it opens a normal OSX terminal and enters a command based on what you've put in the bookmark....so for instance, here's what it enters for one of my servers:

    ssh -c 3des -2 -l wonslung 12.12.123.12 -p 22 ;exit

(changed IP but you get the idea) so it opens a new terminal for each, which has different fonts and color settings...it's quite nice if you use ssh a lot and have a ton of them. I really don't like PuTTY....there is a program for Linux called SSH Menu which is also nice...but it's a GNOME program so I don't see it happening for OSX (though I've installed it on OpenSolaris when I used that as a desktop =))

Thanks to everyone for the help.

> --
> Jan Pechanec
> http://blogs.sun.com/janp
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
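
The negotiation rule discussed in this thread, as an added example that is not part of the original messages: under RFC 4253 section 7.1 the cipher used is the first name on the client's list that the server also offers, so a bookmark that forces `-c 3des` finds no match against a server without CBC ciphers. Both cipher lists are constructed for illustration, and the expansion of `3des` to `3des-cbc` is an assumption about the client.

```python
import shlex

# Constructed server list: CTR and RC4 modes only, no CBC, as the thread
# describes for the SunSSH default (exact names are assumed for this example).
SERVER_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr",
                  "arcfour128", "arcfour256", "arcfour"]
# Constructed client preference list, used when no -c option is given.
CLIENT_DEFAULT = ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256",
                  "arcfour128", "aes128-cbc", "3des-cbc", "arcfour"]
# Assumption: the client expands the short name "3des" to "3des-cbc".
ALIASES = {"3des": "3des-cbc"}


def client_ciphers(command):
    """Cipher list the command forces with a separate '-c NAME', else the default."""
    argv = shlex.split(command.partition(";")[0])  # ignore the trailing ';exit'
    for i, arg in enumerate(argv[:-1]):
        if arg == "-c":
            return [ALIASES.get(n, n) for n in argv[i + 1].split(",")]
    return list(CLIENT_DEFAULT)


def negotiate(client, server):
    """RFC 4253 sec. 7.1: first name on the client's list that the server offers."""
    offered = set(server)  # server order is irrelevant to the outcome
    return next((name for name in client if name in offered), None)


def strip_cipher_option(command):
    """Drop '-c NAME' so the client falls back to its own preference list."""
    head, sep, tail = command.partition(";")
    kept, skip = [], False
    for arg in shlex.split(head):
        if skip:
            skip = False          # this token was the cipher name
        elif arg == "-c":
            skip = True
        else:
            kept.append(arg)
    return shlex.join(kept) + (" " + sep + tail if sep else "")


if __name__ == "__main__":
    bookmark = "ssh -c 3des -2 -l wonslung 12.12.123.12 -p 22 ;exit"  # from the thread
    print(negotiate(client_ciphers(bookmark), SERVER_CIPHERS))   # no common cipher
    fixed = strip_cipher_option(bookmark)
    print(fixed, "->", negotiate(client_ciphers(fixed), SERVER_CIPHERS))
```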