Bug#506115: openssh: Plaintext Recovery Attack Against SSH

[Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>]

On Fri, 21 Nov 2008, Colin Watson wrote:

> Accordingly, I'm downgrading this bug; I'd rather not rush out a
> configuration change (which could well break interoperability with
> unusual servers; it wouldn't be the first time) when upstream doesn't
> feel it's urgent enough to do so themselves.

Right.  But what exactly are the pits one could fall into, should one
follow the advice?

   Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

How would one go about asking the ssh-server something like:

  What ciphers are you capable of?

from a batch job?
The answer would enable the admin to assert if interoperability allows for
such a measure.


Cheers,

-- 
Cristian