Casio Naurtech CETerm Ver.5.5 User Manual User Manual
Page 46
N
AURTECH
E
MULATORS
&
W
EB
B
ROWSER FOR
W
INDOWS
CE
/
W
INDOWS
M
OBILE
CETerm | CE3270 | CE5250 | CEVT220
Page 46
keys, CETerm will automatically try RSA authentication before falling back to
passwords, so these servers will crash when they see the RSA attempt.
If this bug is auto-sensed, CETerm will go straight to password authentication. If
this option is enabled when talking to a correct server, the session will succeed,
but of course RSA authentication will be impossible.
This option only applies to SSH-1 servers. The default option is Auto-Sense.
Bug
– SSH-2 HMAC Key: Versions 2.3.0 and below of the SSH server software
from ssh.com compute the keys for their HMAC message authentication codes
incorrectly. A typical symptom of this problem is that CETerm can fail at the
beginning of the session, saying ‗Incorrect MAC received on packet‘.
If this bug is auto-sensed, CETerm will compute its HMAC keys in the same way
as the buggy server, so that communication will still be possible. If this option is
enabled when talking to a correct server, communication will fail.
This option only applies to SSH-2 servers. The default option is Auto-Sense.
Bug
– SSH-2 Encryption Key: Versions below 2.0.11 of the SSH server
software from ssh.com compute the keys for the session encryption incorrectly.
This problem can cause various error messages, such as ‗Incoming packet was
garbled on decryption‘, or possibly even ‗Out of memory‘.
If this bug is auto-sensed, CETerm will compute its encryption keys in the same
way as the buggy server, so that communication will still be possible. If this
option is enabled when talking to a correct server, communication will fail.
This option only applies to SSH-2 servers. The default option is Auto-Sense.
Bug
– SSH-2 RSA Signature: Versions below 3.3 of OpenSSH require SSH-2
RSA signatures to be padded with zero bytes to the same length as the RSA key
modulus. The SSH-2 draft specification says that an unpadded signature MUST
be accepted, so this is a bug. A typical symptom of this problem is that CETerm
mysteriously fails RSA authentication once in every few hundred attempts, and
falls back to passwords.
If this bug is auto-sensed, CETerm will pad its signatures in the way OpenSSH
expects. If this option is enabled when talking to a correct server, it is likely that
no damage will be done, since correct servers usually still accept padded
signatures because they're used to talking to OpenSSH.
This option only applies to SSH-2 servers. The default option is Auto-Sense.
Bug
– SSH-2 ID in PK Auth: Versions below 2.3 of OpenSSH require SSH-2
public-key authentication to be done slightly differently: the data to be signed by
the client contains the session ID formatted in a different way. If public-key
authentication mysteriously does not work but the Event Log thinks it has