14.11.2018, 18:16, "Matt Johnston" <m...@ucc.asn.au>:
> Hi Nik,
>
>>  dbclient sends "SSH-2.0-dropbear_2018.76\r\n" and kexinit
>>  cisco sends "SSH-2.0-Cisco-1.25\r\n"
>>  then cisco waits "ip ssh time-out" seconds and then closes the TCP socket.
>>
>>  my conjecture is that cisco empties its receive buffer after sending the 
>> identification string and then waits for the lost kexinit.
>>  To prove my idea I added a sleep() after the first write_packet(), and 
>> dbclient was able to connect to cisco (ios 12.4 and 15.1).
>
> Yes, it seems some Cisco SSH versions are buggy. Older IOS is possibly OK (I 
> did a bit of investigation about a year ago when someone reported similar).
>
> I'm not keen on changing dbclient, the current implementation saves a network 
> roundtrip. It's perfectly reasonable according to the spec. If you have Cisco 
> support could you report it to them?

Note that OpenSSH enables a couple of workarounds for Cisco-1.*

https://github.com/openssh/openssh-portable/blob/master/compat.c#L88

>
> Cheers,
> Matt
>
> rfc4253:
> 5.2. New Client, Old Server
>
>    Since the new client MAY immediately send additional data after its
>    identification string (before receiving the server's identification
>    string), ...

-- 
Regards,
Konstantin
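
Added illustration (not part of either message, and not Dropbear or OpenSSH code): a small C parser for the RFC 4253 identification line that flags peers matching the Cisco-1.* pattern mentioned above, so a client can log or special-case them once the server banner has been read. The names parse_ssh_ident and peer_in_cisco1_family are hypothetical, and the sample banners are constructed.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF" */
struct ssh_ident {
    char proto[16];
    char software[240];
};

/* Parse one NUL-terminated identification line. Returns 0 on success, -1 if malformed. */
int parse_ssh_ident(const char *line, struct ssh_ident *out)
{
    size_t len = strcspn(line, "\r\n");
    if (len + 2 > 255 || strncmp(line, "SSH-", 4) != 0)  /* 255-byte limit includes CR LF */
        return -1;
    const char *proto = line + 4;
    /* Split on the first '-' only: "Cisco-1.25" itself contains a '-'. */
    const char *dash = memchr(proto, '-', len - 4);
    if (!dash || dash == proto || (size_t)(dash - proto) >= sizeof out->proto)
        return -1;
    const char *sw = dash + 1;
    size_t swlen = strcspn(sw, " \r\n");                  /* stop before optional comments */
    if (swlen == 0 || swlen >= sizeof out->software)
        return -1;
    memcpy(out->proto, proto, (size_t)(dash - proto));
    out->proto[dash - proto] = '\0';
    memcpy(out->software, sw, swlen);
    out->software[swlen] = '\0';
    return 0;
}

/* Hypothetical helper: 1 if the peer matches the "Cisco-1.*" pattern from the thread. */
int peer_in_cisco1_family(const struct ssh_ident *id)
{
    return strncmp(id->software, "Cisco-1.", 8) == 0;
}

int main(void)
{
    /* Constructed sample banners; the first two are the strings quoted in the thread. */
    const char *samples[] = { "SSH-2.0-Cisco-1.25\r\n", "SSH-2.0-dropbear_2018.76\r\n",
                              "SSH-2.0-OpenSSH_7.9 Debian\r\n", "HTTP/1.1 400 Bad Request\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ssh_ident id;
        if (parse_ssh_ident(samples[i], &id) != 0)
            printf("not an SSH identification string\n");
        else
            printf("proto=%s software=%s cisco1=%d\n", id.proto, id.software, peer_in_cisco1_family(&id));
    }
    return 0;
}
```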
