Hi!
I realize my previous message¹ went unanswered:
OpenSSH 6.7 removed all CBC, among others, from its default cipher suites (see http://www.openssh.com/txt/release-6.7.)
As a consequence, the SSH client from lsh 2.1 cannot connect to a recent OpenSSH server by default. Instead, one needs to pass ‘-c aes256-ctr’, which is one of the few ciphers in common.
I think it would make sense to make a new lsh release that would at least change the default set of cipher suites to follow what OpenSSH did. WDYT?
I think this is one of the things urgently needed if we want to allow people to keep using lsh/lshd, along with applying the Nettle 3 upgrade patch².
Thanks, Ludo’.
¹ http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000664.html ² http://lists.lysator.liu.se/pipermail/lsh-bugs/2015q3/000662.html