[40072] in North American Network Operators' Group
Re: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Wed Aug 1 01:43:40 2001
Date: Wed, 1 Aug 2001 08:43:09 +0300 (IDT)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
Reply-To: <nanog@merit.edu>
To: Charles Sprickman <spork@inch.com>
Cc: Kevin Steves <stevesk@pobox.com>, <nanog@merit.edu>
In-Reply-To: <Pine.BSF.4.33.0107311657450.22099-100000@shell.inch.com>
Message-ID: <Pine.GSO.4.31.0108010839180.5151-100000@meron.openu.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 31 Jul 2001, Charles Sprickman wrote:
>
> On Tue, 31 Jul 2001, Kevin Steves wrote:
>
> > On Tue, 31 Jul 2001, Charles Sprickman wrote:
> > :6) Finding a unix ssh that supports 3DES and DES.
DES(not 3DES) is a compile time option for SSH1
(default is not to support DES)
Try to convince to person in charge of SSH that even SSH1+DES while weak
is much better than cleartext tel-net ....
- Rafi
> > :
> > :I curse those OpenSSH folks for making me have to trudge through the code
> > :to find out how to get DES working...
> >
> > DES is supported in openssh for protocol 1 in the client with ssh -c des.
>
> Ooops. The FreeBSD port I built from is trailing a bit:
>
> spork@tiny[~]$ ssh -V
> SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
>
> And:
>
> spork@tiny[~]$ ssh -c des 216.223.x.x
> Unknown cipher type 'des'
>
> However it appears newer versions include it, but warn you:
>
> oscar[/var/spool/tftp/ios]# ssh -c des -l foo 216.223.x.x
> Warning: use of DES is strongly discouraged due to cryptographic weaknesses
> foo@216.223.x.x's password:
>
> Sorry for the noise,
>
> Charles
>
> > also, does anyone curse cisco for refusing to support ssh protocol 2?
> > they have much more resources than the openssh team.
> >
>
>
