<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12pt"><div><span><br></span></div><div class="yahoo_quoted" style="display: block;"> <br> <br> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"> <div dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"> <font size="2" face="Arial"> On Friday, 10 January 2014, 13:55, Daniel Shaw <daniel.shaw@point-oh.net> wrote:<br> </font> </div>  <div class="y_msg_container"><div id="yiv4872354292"><div><div dir="ltr"><br clear="none"><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;
 font-size: 12pt;"><div class="yiv4872354292gmail_quote">On 10 January 2014 10:38, Loganaden Velvindron <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:gnukid1@yahoo.co.uk" target="_blank" href="mailto:gnukid1@yahoo.co.uk">gnukid1@yahoo.co.uk</a>></span> wrote:<br clear="none">

<blockquote class="yiv4872354292gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div style="font-size: 12pt; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">

<div><div class="yiv4872354292h5"><div style="font-size:12pt;">The issue is present on the CISCO 1841 model line when using password authentication scheme:</div><div style="font-size:12pt;"><br clear="none"></div><div style="font-size:12pt;">

Here's the stock ssh client on MAC OS X.</div></div></div></div></div></blockquote><div> </div><blockquote class="yiv4872354292gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;">
<div>
<div style="font-size: 12pt; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><div><div class="yiv4872354292h5"></div></div><div style="font-size:12pt;">Here's the openssh client from <a rel="nofollow" shape="rect" target="_blank" href="http://www.openssh.com/">www.openssh.com</a> &&
 compiled with default options.</div><div><div class="yiv4872354292h5"><div style="font-size:12pt;"><br clear="none"></div><div>./ssh -V</div><div>OpenSSH_6.4p1<br clear="none"></div><div><br clear="none"></div><div><span></span></div><div><div>OpenSSH_6.4, OpenSSL 0.9.8r 8 Feb 2011</div>

<div>debug1: Reading configuration data /opt2/etc/ssh_config </div></div></div></div></div></div></blockquote><div><br clear="none"></div><div>Further correction:<br clear="none"></div><div>The issue is present using openssh 6.4, compiled with OSX compiler X (fill in what you used), on OSX version 10.x.x (whatever version you have), against OpenSSL 0.9.8r, connecting to an 1841 router (using default compile options and ssh_config as per source download).<br clear="none">

</div></div><br clear="none"></div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">Here is the same version of OpenSSH, but compiled on a Red Hat / CentOS / other similar derivative, using the packager's choice of compile options and gcc, running on a different CentOS install (6.x), with the ssh_config from the previous openssh version as packaged by CentOS, linked against OpenSSL 1.0.0...<br clear="none">

<br><br>I tried it on a CentOS machine by download a snapshot from www.openssh.com and compiling</div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">from source with default compile options:</div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"><br></div><div class="yiv4872354292gmail_extra">http://www.mindrot.org/openssh_snap/openssh-SNAP-20140110.tar.gz<br></div><div class="yiv4872354292gmail_extra">(that's the next version of openssh aka OpenSSH 6.5)</div><div class="yiv4872354292gmail_extra"><br></div><div class="yiv4872354292gmail_extra">It seems that our latest changes wrt to the new ciphers aren't  supported by some of</div><div class="yiv4872354292gmail_extra">the CISCO routers.</div><div
 class="yiv4872354292gmail_extra"><br></div><div class="yiv4872354292gmail_extra">------------------</div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">./ssh -V</div><div class="yiv4872354292gmail_extra">OpenSSH_6.4p1-snap20140110, OpenSSL 1.0.1e-fips 11 Feb 2013<br></div><div class="yiv4872354292gmail_extra"><div class="yiv4872354292gmail_extra"><br></div><div class="yiv4872354292gmail_extra">------------------</div><div class="yiv4872354292gmail_extra">[logan@machine openssh]$ ./ssh -v root@196.1.0.222</div><div class="yiv4872354292gmail_extra">OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013</div><div class="yiv4872354292gmail_extra">debug1: Connecting to 196.1.0.222 [ip] port 22.</div><div class="yiv4872354292gmail_extra">debug1: Connection established.</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_rsa type
 -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_rsa-cert type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_dsa type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_dsa-cert type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_ecdsa type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_ecdsa-cert type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_ed25519 type -1</div><div class="yiv4872354292gmail_extra">debug1: identity file /home/logan/.ssh/id_ed25519-cert type -1</div><div class="yiv4872354292gmail_extra">debug1: Enabling compatibility mode for protocol 2.0</div><div class="yiv4872354292gmail_extra">debug1: Local version string SSH-2.0-OpenSSH_6.4</div><div class="yiv4872354292gmail_extra">debug1: Remote
 protocol version 2.0, remote software version Cisco-1.25</div><div class="yiv4872354292gmail_extra">debug1: no match: Cisco-1.25</div><div class="yiv4872354292gmail_extra">debug1: SSH2_MSG_KEXINIT sent</div><div class="yiv4872354292gmail_extra">debug1: SSH2_MSG_KEXINIT received</div><div class="yiv4872354292gmail_extra">debug1: kex: server->client aes128-cbc hmac-md5 none</div><div class="yiv4872354292gmail_extra">debug1: kex: client->server aes128-cbc hmac-md5 none</div><div class="yiv4872354292gmail_extra">debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent</div><div class="yiv4872354292gmail_extra">debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</div><div class="yiv4872354292gmail_extra">Connection closed by ip</div><div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"><br></div><br clear="none"><font size="3">$ ssh -V</font><br clear="none"><font
 size="3">OpenSSH_6.4p1, OpenSSL 1.0.0-fips 29 Mar 2010</font><br clear="none"><br clear="none"><font size="3">$ ssh -v hostname.domain</font><br clear="none"><font size="3">OpenSSH_6.4, OpenSSL 1.0.0-fips 29 Mar 2010</font><br clear="none"><font size="3">debug1: Reading configuration data /etc/ssh/ssh_config</font><br clear="none"><font size="3">debug1: /etc/ssh/ssh_config line 49: Applying options for *</font><br clear="none"><font size="3">

debug1: Connecting to hostname.domain [ip.ip.ip.ip] port 22.</font><br clear="none"><font size="3">debug1: Connection established.</font><br clear="none"><font size="3">debug1: identity file /home/daniel/.ssh/id_rsa type -1</font><br clear="none"><font size="3">debug1: identity file /home/daniel/.ssh/id_rsa-cert type -1</font><br clear="none"><font size="3">
debug1: identity file /home/daniel/.ssh/id_dsa type -1</font><br clear="none"><font size="3">
debug1: identity file /home/daniel/.ssh/id_dsa-cert type -1</font><br clear="none"><font size="3">debug1: Enabling compatibility mode for protocol 2.0</font><br clear="none"><font size="3">debug1: Local version string SSH-2.0-OpenSSH_6.4</font><br clear="none"><font size="3">debug1: Remote protocol version 2.0, remote software version Cisco-1.25</font><br clear="none"><font size="3">

debug1: no match: Cisco-1.25</font><br clear="none"><font size="3">debug1: SSH2_MSG_KEXINIT sent</font><br clear="none"><font size="3">debug1: SSH2_MSG_KEXINIT received</font><br clear="none"><font size="3">debug1: kex: server->client aes128-cbc hmac-md5 none</font><br clear="none"><font size="3">debug1: kex: client->server aes128-cbc hmac-md5 none</font><br clear="none"><font size="3">
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent</font><br clear="none"><font size="3">
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</font><br clear="none"><font size="3">debug1: SSH2_MSG_KEX_DH_GEX_INIT sent</font><br clear="none"><font size="3">debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY</font><br clear="none"><font size="3">debug1: Server host key: RSA bf:ec:34:55:8b:05:0a:6d:1e:7b:43:04:5d:03:b3:c7</font><br clear="none"><font size="3">debug1: Host 'hostname.domain' is known and matches the RSA host key.</font><br clear="none"><font size="3">

debug1: Found key in ~/.ssh/known_hosts:61</font><br clear="none"><font size="3">debug1: ssh_rsa_verify: signature correct</font><br clear="none"><font size="3">debug1: SSH2_MSG_NEWKEYS sent</font><br clear="none"><font size="3">debug1: expecting SSH2_MSG_NEWKEYS</font><br clear="none"><font size="3">debug1: SSH2_MSG_NEWKEYS received</font><br clear="none"><font size="3">debug1: Roaming not allowed by server</font><br clear="none"><font size="3">

debug1: SSH2_MSG_SERVICE_REQUEST sent</font><br clear="none"><font size="3">debug1: SSH2_MSG_SERVICE_ACCEPT received</font><br clear="none"><br clear="none"><font size="3">*************************************************************</font><br clear="none"><font size="3">* This is a restricted area. Unauthorised access prohibited *</font><br clear="none"><font size="3">*************************************************************</font><br clear="none"><font size="3">

debug1: Authentications that can continue: publickey,keyboard-interactive,password</font><br clear="none"><font size="3">debug1: Next authentication method: publickey</font><br clear="none"><font size="3">debug1: Trying private key: /home/daniel/.ssh/id_rsa</font><br clear="none"><font size="3">debug1: Trying private key: /home/daniel/.ssh/id_dsa</font><br clear="none"><font size="3">

debug1: Next authentication method: keyboard-interactive</font><br clear="none"><font size="3">Password:</font><div class="yiv4872354292yqt9885943160" id="yiv4872354292yqtfd39533" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"><br clear="none">debug1: Authentications that can continue: publickey,keyboard-interactive,password</div><br clear="none"><font size="3">Password:</font><br clear="none"><font size="3">debug1: Authentication succeeded (keyboard-interactive).</font><br clear="none"><font size="3">

Authenticated to hostname.domain ([ip.ip.ip.ip:22).</font><br clear="none"><font size="3">debug1: channel 0: new [client-session]</font><br clear="none"><font size="3">debug1: Entering interactive session.</font><br clear="none"><font size="3">debug1: Sending environment.</font><br clear="none"><font size="3">debug1: Sending env LC_ALL = en_US</font><br clear="none"><font size="3">debug1: Sending env LANG = en_US.UTF-8</font><br clear="none"><font size="3">

debug1: Sending env LANGUAGE = en_US.UTF-8</font><br clear="none"><br clear="none"><font size="3">hostname.domain></font><br clear="none"></div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"><br clear="none"></div><div class="yiv4872354292gmail_extra" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">And...<br clear="none"><br clear="none">hostname.domain#sh ver<br clear="none">Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 15.0(1)M7, RELEASE SOFTWARE (fc2)<br clear="none">

Technical Support: <a rel="nofollow" shape="rect" target="_blank" href="http://www.cisco.com/techsupport">http://www.cisco.com/techsupport</a><br clear="none">Copyright (c) 1986-2011 by Cisco Systems, Inc.<br clear="none">Compiled Thu 04-Aug-11 19:42 by prod_rel_team<br clear="none"><br clear="none">ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)<div class="yiv4872354292yqt9885943160" id="yiv4872354292yqtfd91010"><br clear="none">

<br clear="none"><br clear="none"></div></div></div></div></div><br><br></div>  </div> </div>  </div> </div></body></html>