Ignacio Torres Masdeu

Why RouterOS is crap: SSH server implementation

RFC 4344 (2006):

6.2. Encryption Method Considerations

Researchers have shown that the original CBC-based encryption methods in [RFC4253] are vulnerable to chosen-plaintext privacy attacks [DAI,BKN1,BKN2]. The new stateful-decryption counter mode encryption methods described in Section 4 of this document were designed to be secure replacements to the original encryption methods described in [RFC4253].

You guessed it, RouterOS only supports CBC-based encryption methods. To wit:

Not a big issue unless you are using an SSH library that follows RFC4344 like the one in Go.