Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSH returns "no matching cipher"

Status
Not open for further replies.
phorbiuz

phorbiuz

Technical User
Jul 22, 2004
67
GB
Sorry to ask the question people, but I did a search under the Sun Solaris option and got no matches.

Anyway, I'm on a Sun Solaris box (SunOS dcunix3 5.9 Generic_118558-26) trying to ssh to an AIX box (AIX sanmdr 3 5 00CD0F5F4C00). You'll probably recognise the stuff in brackets as the output from the uname command. When I try to ssh, I get the following:

dcunix3 # ssh -v -l dforbe sanmdr
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to sanmdr [172.20.31.136] port 22.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH_3.6*,OpenSSH_3.7*,OpenSSH_3.8*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching cipher found: client aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc server aes256-cbc
debug1: Calling cleanup 0x47d24(0x0)
dcunix3 #

Anyone any suggestions please?

Thanks in advance.
 
Sort by date Sort by votes
It appears the ciphers or encryption methods do not match.

On one side you have a choice of aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc

And on the ohther side you have aes256-cbc

The sshd_config file is the config file which holds a list of available ciphers.
 
Upvote 0 Downvote
OK, thanks, but I can't add aes256-cbc to the ciphers line in sshd_config or it throws up a 'Bad SSH2 cipher spec' error, and I can't lower the cipher spec on the destination either.

Any more suggestions, particularly how I get the local machine to be happy with aes256-cbc?

 
Upvote 0 Downvote
Not the best solution but until Sun supports 256 bit encryption (didn't see any mention in Solaris 10 Release 4 you can download and use openssh.
The supported ciphers are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blow-fish-cbc, and cast128-cbc.

Source or package can be downloaded from:
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mystradivarius
  • Locked
  • Question
Sun Fire V440 "I need help to replace server"
Replies
2
Views
440
mystradivarius
mystradivarius
SamBones
  • Locked
  • Question
Is ZFS "largefile" Aware?
Replies
2
Views
171
AIXSolarisAdmin
AIXSolarisAdmin
ZahidHaseeb1978
  • Locked
  • Question
Start /SYS on SUN SPARC does not start machine [SUN SPARC ENTERPRISE T-5240]
Replies
0
Views
402
ZahidHaseeb1978
ZahidHaseeb1978
Senarasan
  • Locked
  • Question
Solaris11.3 /etc/resolv.conf not creating after reboot
Replies
0
Views
190
Senarasan
Senarasan
SamBones
  • Locked
  • Question
No more SPARC Workstations?
Replies
0
Views
71
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top