[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

libssh-0.4.5 - Problem with some ciphers


Hello Aris,
We noticed a problem with libssh using ciphers other than aes128-cbc for communication. We were previously using libssh-0.3.4, which used aes128-cbc for communication and it was working fine. We now started using the new library i.e libssh-0.4.5 and we were unable to connect to our Network Elements or Linux machines.

Upon investigation, we found that we cannot connect to our Linux machines or our Network Elements when the libssh library makes use of aes256-ctr, aes256-cbc or aes192-cbc ciphers for ssh communication. But we do not see this problem while connecting to Solaris machines.

In order to make libssh-0.4.5 to work for us, we had to make the following changes:

After compilation and before running the 'make' command
A) Open libssh-0.4.5/build/libssh/config.h
Add the following line:
 #define BROKEN_AES_CTR 1

B) Open libssh-0.4.5/libssh/kex.c
Comment the following statement and add the statement with aes128-cbc instead:
//#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
#define AES "aes128-cbc,"

Please let me know if this is a problem with the compatibility of these ciphers with libssh library or something that we need to change in our environment here. Let me know if you need further information.

Thanks for your help.
Uday.

Follow-Ups:
Re: libssh-0.4.5 - Problem with some ciphersAris Adamantiadis <aris@xxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org