Hello Aris,
We noticed a problem with libssh using ciphers other than aes128-cbc for
communication. We were previously using libssh-0.3.4, which used
aes128-cbc for communication and it was working fine. We now started
using the new library i.e libssh-0.4.5 and we were unable to connect to
our Network Elements or Linux machines.
Upon investigation, we found that we cannot connect to our Linux
machines or our Network Elements when the libssh library makes use of
aes256-ctr, aes256-cbc or aes192-cbc ciphers for ssh communication. But
we do not see this problem while connecting to Solaris machines.
In order to make libssh-0.4.5 to work for us, we had to make the
following changes:
After compilation and before running the 'make' command
A) Open libssh-0.4.5/build/libssh/config.h
Add the following line:
#define BROKEN_AES_CTR 1
B) Open libssh-0.4.5/libssh/kex.c
Comment the following statement and add the statement with aes128-cbc
instead:
//#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
#define AES "aes128-cbc,"
Please let me know if this is a problem with the compatibility of these
ciphers with libssh library or something that we need to change in our
environment here. Let me know if you need further information.
Thanks for your help.
Uday.
