From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 90377 invoked by alias); 4 Apr 2017 12:26:12 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 90360 invoked by uid 89); 4 Apr 2017 12:26:11 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.0 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=outward, txt, sheer, U*cygsimple X-HELO: mail-io0-f195.google.com Received: from mail-io0-f195.google.com (HELO mail-io0-f195.google.com) (209.85.223.195) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 04 Apr 2017 12:26:10 +0000 Received: by mail-io0-f195.google.com with SMTP id 68so14879188ioh.3 for ; Tue, 04 Apr 2017 05:26:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=bU2Hp2dt/yRKu272ZFIMr9BwVjCBZiTDiuuoLmB6B5c=; b=YZMV3YVVt4dtzFtXeno/NgUVtsnitNzKxoYqoPKBBDGzqzZ/b/s6ZYbly8aWZmlp+8 qV84K9DaMf9C3wcOwwKjtPgMl5VWNguMTRvKOVVE/2OYh889BKnuuQxELqSCRIO/rHVK gJW7qCw/9O9QMF8VgckDBWu30/3hKc6043EUF0H0QKlrEXE31y738PlUqffrAlembm/A PvcRZ5HaNDYY5N33ceGSzM6TAyrLOq7e8BJ1IUR1+UYWNfeyDMk5NRH8FlMwaF2XG2dS CpVpChuoL2HboTpEnecDTi+PxDbLX438+LuzAdXBuOBYD2akADFscQyYs+q/5jMgLHo+ fz0g== X-Gm-Message-State: AFeK/H0asbSECLYYl+WQxgpHdoPHZaEBEtsdj8ivlTM+HJaWQVhoNrZaDdEfJZco04oe3g== X-Received: by 10.107.19.196 with SMTP id 65mr20822040iot.191.1491308770083; Tue, 04 Apr 2017 05:26:10 -0700 (PDT) Received: from [192.168.0.6] (d27-96-48-76.nap.wideopenwest.com. [96.27.76.48]) by smtp.gmail.com with ESMTPSA id 9sm5912120itm.6.2017.04.04.05.26.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Apr 2017 05:26:09 -0700 (PDT) Subject: Re: Downgrade opensshh from 7.4 to 5.1? To: cygwin@cygwin.com References: <9894fed9-9416-d3cf-71c6-3640291c59ac@gmail.com> From: cyg Simple Message-ID: <86046d97-ecc0-ce4e-def4-43becdb1347c@gmail.com> Date: Tue, 04 Apr 2017 12:26:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2017-04/txt/msg00037.txt.bz2 On 4/3/2017 12:23 PM, Stephen John Smoogen wrote: > On 3 April 2017 at 11:03, cyg Simple wrote: >> On 4/3/2017 10:45 AM, Kleine Raphael wrote: >>> Hello >>> >>> My client can not support OpenSSH_7.2p2 (OpenSSL 1.0.2h 3 May 2016) >>> and I must downgrade the server to OpenSSH_5.1p1 (OpenSSL 0.9.8l 5 Nov >>> 2009) >>> >> >> Explain more the "can not support". >> > > While I agree we need more information, this may be one of the cases > where a person is trying to be circumspect due to other policies. > > I think that the OpenSSH after 6.9 started dropping support for older > algorithms (https://www.openssh.com/txt/release-7.0) . If you are > using SSH to manage various industrial equipment then you are pretty > much stuck with using older SSH because the equipment may only support > RC4 or maybe only has keys of 512 or 768 bits. [Trying to get an > industrial manufacturer to update equipment is a multi-decade process. > They may have just started creating hardware which has SSH vs straight > telnet and they won't update to a newer version of SSH until 2028 :/] That may be true except for PCI compliance[1] where every piece of equipment between the processor and computer needs to be 1024 bit standard. I'm well aware of the fact that the change takes time even in my own professional job there are still certificates that carry the 512 bit cert data. That doesn't mean the business is not trying to upgrade but due to the sheer mass of computers running the business there are a few with OLD, OUT-OF-DATE hardware and OS. However where the business is outward facing the whole process has been updated without delay. [1] https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard -- cyg Simple -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple