Bug#506115: openssh: Plaintext Recovery Attack Against SSH
On Fri, 21 Nov 2008, Colin Watson wrote:
> Accordingly, I'm downgrading this bug; I'd rather not rush out a
> configuration change (which could well break interoperability with
> unusual servers; it wouldn't be the first time) when upstream doesn't
> feel it's urgent enough to do so themselves.
Right. But what exactly are the pits one could fall into, should one
follow the advice?
How would one go about asking the ssh-server something like:
What ciphers are you capable of?
from a batch job?
The answer would enable the admin to assert if interoperability allows for
such a measure.