Hi! I realize my previous message¹ went unanswered:
OpenSSH 6.7 removed all CBC, among others, from its default cipher suites (see <http://www.openssh.com/txt/release-6.7>.) As a consequence, the SSH client from lsh 2.1 cannot connect to a recent OpenSSH server by default. Instead, one needs to pass ‘-c aes256-ctr’, which is one of the few ciphers in common. I think it would make sense to make a new lsh release that would at least change the default set of cipher suites to follow what OpenSSH did. WDYT? I think this is one of the things urgently needed if we want to allow people to keep using lsh/lshd, along with applying the Nettle 3 upgrade patch². Thanks, Ludo’. ¹ http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000664.html ² http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000662.html _______________________________________________ lsh-bugs mailing list lsh-bugs@lists.lysator.liu.se http://lists.lysator.liu.se/mailman/listinfo/lsh-bugs
