I've just come across a knock on effect of this bug when configuring the Ubuntu SSH server for <email address hidden> key exchange only, and using the latest Debian package openssh-client to connect.
Because Ubuntu's SSH server version doesnt match 6.6.1, the Debian SSH client disables <email address hidden> completely, getting rid of the (presumably) most secure algorithm available:
I've just come across a knock on effect of this bug when configuring the Ubuntu SSH server for <email address hidden> key exchange only, and using the latest Debian package openssh-client to connect.
Because Ubuntu's SSH server version doesnt match 6.6.1, the Debian SSH client disables <email address hidden> completely, getting rid of the (presumably) most secure algorithm available:
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ====
debug1: Local version string SSH-2.0- OpenSSH_ 6.6.1p1 Debian-4 6.5*,OpenSSH_ 6.6* compat 0x14000000 kex_proposal: original KEX proposal: <email address hidden> kex_proposal: compat KEX proposal:
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_
...
debug2: compat_
debug2: Compat: skipping algorithm "<email address hidden>"
debug2: compat_
No supported key exchange algorithms found
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ====
The compat value being hit is in compat.c:100.