Re: telnet vs ssh on Core equipment , looking for reasons why ?

[Rafi Sadowsky <rafi-nanog () meron openu ac il>]

On Tue, 31 Jul 2001, Charles Sprickman wrote:

> On Tue, 31 Jul 2001, Kevin Steves wrote:
>
> > On Tue, 31 Jul 2001, Charles Sprickman wrote:
> > :6) Finding a unix ssh that supports 3DES and DES.

 DES(not 3DES) is a compile time option for SSH1
(default is not to support DES)

 Try to convince to person in charge of SSH that even SSH1+DES while weak
is much better than cleartext tel-net ....


-       Rafi



> > :
> > :I curse those OpenSSH folks for making me have to trudge through the code
> > :to find out how to get DES working...
> >
> > DES is supported in openssh for protocol 1 in the client with ssh -c des.
>
> Ooops.  The FreeBSD port I built from is trailing a bit:
>
> spork@tiny[~]$ ssh -V
> SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
>
> And:
>
> spork@tiny[~]$ ssh -c des 216.223.x.x
> Unknown cipher type 'des'
>
> However it appears newer versions include it, but warn you:
>
> oscar[/var/spool/tftp/ios]# ssh -c des -l foo 216.223.x.x
> Warning: use of DES is strongly discouraged due to cryptographic weaknesses
> foo@216.223.x.x's password:
>
> Sorry for the noise,
>
> Charles
>
> > also, does anyone curse cisco for refusing to support ssh protocol 2?
> > they have much more resources than the openssh team.