On Sat, Apr 25, 2015 at 07:42:10PM +0100, Dominic Hargreaves wrote: > Package: python-paramiko > Version: 1.7.7.1-3.1 > Severity: important > > As noted in <https://github.com/paramiko/paramiko/issues/423> versions > of paramiko < 1.15.1 (well, 1.7.7.1-3.1 and 1.10.1-1~bpo70+1 tested > by me) can't talk to OpenSSH 6.7 with its default cipher list. Whilst one > can work around this by using a non-default cipherlist, we shouldn't > require our users to configure ciphers considered to be insecure. > > I can't actually see the related commit, but perhaps it's more obvious > to someone else? > > It would be great to have this fixed in a wheezy point-release.
Hmm, in fact even adding back all Ciphers and MACs, I can't get it working again: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc MACs umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1,hmac-sha1-96 (Interestingly enough, it works fine from squeeze -> jessie, just not wheezy -> jessie). Here's the traceback I forgot to include last time: ssh: Exception: Incompatible ssh peer (no acceptable kex algorithm) ssh: Traceback (most recent call last): ssh: File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1546, in run ssh: self._handler_table[ptype](self, m) ssh: File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1618, in _negotiate_keys ssh: self._parse_kex_init(m) ssh: File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 1731, in _parse_kex_init ssh: raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)') ssh: SSHException: Incompatible ssh peer (no acceptable kex algorithm) Dominic. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org