Comment 23 for bug 1287222

In , Peter (peter-redhat-bugs) wrote:

Created attachment 956814
Patch to handle Cisco issue

We observed this behavior and tracked it down to two issues:
- Some Cisco ssh daemons only allow DH key sizes that are powers of two
- Some Cisco ssh daemons only allow DH key sizes that are 4096 bits or less

We observed both behaviors on various IOS versions. The attached patch adds a new compatibility flag to track the max DH size bug and changes the key size choice algorithm to only offer key sizes that are powers of two.

The cryptlib implementation of SSH only supports key sizes that are powers of two, so the change to the key choices is conditioned on the Cisco SSH daemon banner, as using 3072 and 7680 bits has been seen to cause connection failures on other servers as well.
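The key-size selection described in this comment, as an added illustration that is not the attached patch or OpenSSH's own code: the Diffie-Hellman group-exchange request (min, preferred, max) is adjusted only when the server banner identifies a Cisco daemon, rounding the preferred size down to a power of two and capping the maximum at 4096 bits. The cipher-key-to-DH-size table, the banner pattern and the default bounds are assumptions for this example.

```python
import re

# Assumed mapping from symmetric cipher key length to a preferred DH modulus
# size; modelled loosely on the kind of estimate an SSH client makes, but the
# exact values here are an assumption, not OpenSSH's table.
def estimate_dh_bits(cipher_key_bits: int) -> int:
    if cipher_key_bits <= 112:
        return 2048
    if cipher_key_bits <= 128:
        return 3072
    if cipher_key_bits <= 192:
        return 7680
    return 8192

# Constructed banner pattern standing in for the compatibility check the
# comment describes; a real client would match its own banner list.
CISCO_BANNER = re.compile(r"^SSH-2\.0-Cisco-", re.ASCII)
CISCO_MAX_DH_BITS = 4096  # limit observed on the affected IOS daemons


def is_power_of_two(n: int) -> bool:
    return n > 0 and (n & (n - 1)) == 0


def largest_power_of_two_at_most(n: int) -> int:
    # e.g. 3072 -> 2048, 7680 -> 4096
    return 1 << (n.bit_length() - 1)


def choose_gex_request(cipher_key_bits: int, server_banner: str,
                       dh_min: int = 2048, dh_max: int = 8192):
    """Return (min, preferred, max) for a DH group-exchange request.

    Outside the Cisco compatibility case the client's normal choice is kept,
    since 3072 and 7680 only need special handling for the affected daemons.
    """
    preferred = estimate_dh_bits(cipher_key_bits)
    if CISCO_BANNER.match(server_banner):
        dh_max = min(dh_max, CISCO_MAX_DH_BITS)   # max-size bug
        if not is_power_of_two(preferred):         # power-of-two bug
            preferred = largest_power_of_two_at_most(preferred)
        preferred = min(preferred, dh_max)
    preferred = max(preferred, dh_min)
    return (dh_min, preferred, dh_max)
```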