Hi!
I realize my previous message¹ went unanswered:
OpenSSH 6.7 removed all CBC, among others, from its default cipher
suites (see <http://www.openssh.com/txt/release-6.7>.)
As a consequence, the SSH client from lsh 2.1 cannot connect to a recent
OpenSSH server by default. Instead, one needs to pass ‘-c aes256-ctr’,
which is one of the few ciphers in common.
I think it would make sense to make a new lsh release that would at
least change the default set of cipher suites to follow what OpenSSH
did. WDYT?
I think this is one of the things urgently needed if we want to allow
people to keep using lsh/lshd, along with applying the Nettle 3 upgrade
patch².
Thanks,
Ludo’.
¹ http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000664.html
² http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000662.html