Full Discussion: ssh unkown cipher type error
Post 302546764 by pludi on Friday 12th of August 2011 05:15:03 AM
man ssh:
Quote:
-c cipher_spec
Selects the cipher specification for encrypting the session.

Protocol version 1 allows specification of a single cipher. The supported values are "3des", "blowfish", and "des". 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is believed to be secure. blowfish is a fast block cipher; it appears very secure and is much faster than 3des. des is only supported in the ssh client for interoperability with legacy protocol 1 implementations that do not support the 3des cipher. Its use is strongly discouraged due to cryptographic weaknesses. The default is "3des".

For protocol version 2, cipher_spec is a comma-separated list of ciphers listed in order of preference. The supported ciphers are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blowfish-cbc, and cast128-cbc. The default is:

aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
aes192-ctr,aes256-ctr
Meaning the -c option isn't the same as for bash/ksh/... where it means "I only want to run 1 command". Besides, you have too many quotes around the command itself.
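
Added example (not part of the post above): a POSIX shell pre-flight check that validates a string as a protocol 2 cipher_spec before it is handed to ssh -c, which shows why a shell command placed after -c is rejected. The function name unknown_ciphers and the sample specs are constructed for illustration; the cipher list is copied from the man page excerpt quoted above.

```shell
#!/bin/sh
# Protocol 2 cipher names exactly as listed in the ssh(1) excerpt quoted above.
# A current OpenSSH client prints its own list with: ssh -Q cipher
SUPPORTED="3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr arcfour128 arcfour256 arcfour blowfish-cbc cast128-cbc"

# unknown_ciphers SPEC (hypothetical helper)
# Prints every entry of the comma-separated SPEC that is not a supported
# cipher name. Exit status is 0 only when all entries are known.
# The body runs in a subshell so the IFS and globbing changes do not leak.
unknown_ciphers() (
    spec=$1
    bad=0
    [ -n "$spec" ] || { echo "(empty spec)"; exit 1; }
    IFS=,      # cipher_spec is comma-separated
    set -f     # never glob-expand entries such as "*"
    for entry in $spec; do
        # Cipher names only contain lowercase letters, digits and '-'.
        # Anything else (spaces, quotes, slashes) is a command, not a cipher.
        case $entry in
            ''|*[!a-z0-9-]*) echo "${entry:-(empty entry)}"; bad=1; continue ;;
        esac
        case " $SUPPORTED " in
            *" $entry "*) ;;
            *) echo "$entry"; bad=1 ;;
        esac
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample inputs: one valid spec, one shell command mistaken for a spec.
for spec in "aes128-ctr,aes256-ctr" "ls -l"; do
    if rejected=$(unknown_ciphers "$spec"); then
        echo "ok:       -c '$spec'"
    else
        echo "rejected: -c '$spec' (not a cipher: $rejected)"
    fi
done

# The remote command belongs after the host name, not after -c, e.g.
#   ssh -c aes128-ctr user@host.example 'ls -l'     (placeholder host)
```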
 

CONCH(1)                  BSD General Commands Manual                 CONCH(1)

NAME
     conch -- Conch SSH client

SYNOPSIS
     conch [-AaCfINnrsTtVvx] [-c cipher_spec] [-e escape_char] [-i identity_file] [-K connection_spec] [-L port:host:hostport] [-l user] [-m mac_spec] [-o openssh_option] [-p port] [-R port:host:hostport] [user@] hostname [command]

DESCRIPTION
     conch is a SSHv2 client for logging into a remote machine and executing commands. It provides encrypted and secure communications across a possibly insecure network. Arbitrary TCP/IP ports can also be forwarded over the secure connection.

     conch connects and logs into hostname (as user or the current username). The user must prove her/his identity through a public-key or a password. Alternatively, if a connection is already open to a server, a new shell can be opened over the connection without having to reauthenticate.

     If command is specified, command is executed instead of a shell. If the -s option is given, command is treated as an SSHv2 subsystem name.

   Authentication
     Conch supports the public-key, keyboard-interactive, and password authentications.

     The public-key method allows the RSA or DSA algorithm to be used. The client uses his/her private key, $HOME/.ssh/id_rsa or $HOME/.ssh/id_dsa to sign the session identifier, known only by the client and server. The server checks that the matching public key is valid for the user, and that the signature is correct.

     If public-key authentication fails, conch can authenticate by sending an encrypted password over the connection.

   Connection sharing
     conch has the ability to multiplex multiple shells, commands and TCP/IP ports over the same secure connection. To disable multiplexing for a connection, use the -I flag.

     The -K option determines how the client connects to the remote host. It is a comma-separated list of the methods to use, in order of preference. The two connection methods are 'unix' (for connecting over a multiplexed connection) and 'direct' (to connect directly). To disable connecting over a multiplexed connection, do not include 'unix' in the preference list.

     As an example of how connection sharing works, to speed up CVS over SSH:

           conch --noshell --fork -l cvs_user cvs_host
           set CVS_RSH=conch

     Now, when CVS connects to cvs_host as cvs_user, instead of making a new connection to the server, conch will add a new channel to the existing connection. This saves the cost of repeatedly negotiating the cryptography and authentication.

     The options are as follows:

     -A      Enables authentication agent forwarding.

     -a      Disables authentication agent forwarding (default).

     -C      Enable compression.

     -c cipher_spec
             Selects encryption algorithms to be used for this connection, as a comma-separated list of ciphers in order of preference. The list that conch supports is (in order of default preference): aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, cast128-ctr, cast128-cbc, blowfish-ctr, blowfish, idea-ctr, idea-cbc, 3des-ctr, 3des-cbc.

     -e ch | ^ch | none
             Sets the escape character for sessions with a PTY (default: '~'). The escape character is only recognized at the beginning of a line (after a newline). The escape character followed by a dot ('.') closes the connection; followed by ^Z suspends the connection; and followed by the escape character sends the escape character once. Setting the character to "none" disables any escapes.

     -f      Fork to background after authentication.

     -I      Do not allow connection sharing over this connection.

     -i identity_spec
             The file from which the identity (private key) for RSA or DSA authentication is read. The defaults are $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa. It is possible to use this option more than once to use more than one private key.

     -K connection_spec
             Selects methods for connection to the server, as a comma-separated list of methods in order of preference. See Connection sharing for more information.

     -L port:host:hostport
             Specifies that the given port on the client host is to be forwarded to the given host and port on the remote side. This allocates a socket to listen to port on the local side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to host port hostport from the remote machine. Only root can forward privileged ports.

     -l user
             Log in using this username.

     -m mac_spec
             Selects MAC (message authentication code) algorithms, as a comma-separated list in order of preference. The list that conch supports is (in order of preference): hmac-sha1, hmac-md5.

     -N      Do not execute a shell or command.

     -n      Redirect input from /dev/null.

     -o openssh_option
             Ignored OpenSSH options.

     -p port
             The port to connect to on the server.

     -R port:host:hostport
             Specifies that the given port on the remote host is to be forwarded to the given host and port on the local side. This allocates a socket to listen to port on the remote side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to host port hostport from the client host. Only root can forward privileged ports.

     -r      Reconnect to the server if the connection is lost.

     -s      Invoke command (mandatory) as a SSHv2 subsystem.

     -T      Do not allocate a TTY.

     -t      Allocate a TTY even if command is given.

     -V      Display version number only.

     -v      Log to stderr.

     -x      Disable X11 connection forwarding (default).

AUTHOR
     Written by Paul Swartz <z3p@twistedmatrix.com>.

REPORTING BUGS
     To report a bug, visit http://twistedmatrix.com/bugs/

COPYRIGHT
     Copyright (C) 2002-2008 Twisted Matrix Laboratories.
     This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
     ssh(1)

BSD                              May 22, 2004                              BSD