IETF-SSH archive
Re: Fixing exchange of host keys in the SSH key exchange
Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:
>(They were the SSH listeners on devices such as switches.)
It seems to be an unwritten law that big-iron networking hardware has to run
15-to-20-year-old unpatched copies of some version of SSH that the
switch/router vendor found in a dumpster somewhere. I've seen late-1990s
ssh.com implementations as recently as a few years ago, which is why I have to
keep active old SSH bug-workarounds that should have been retired a decade or
more ago. Being able to remotely crash a carrier-grade router [0] by sending
it an SSH option it didn't expect is a bit disturbing... this is why my code
grew a dump-full-packet-trace-to-debug-console option at some point in the
past.
Peter.
[0] I guess the SSH part is excluded from the carrier-grade categorisation.