Post 303037404 by solaris_1977 on Wednesday 31st of July 2019 02:39:45 PM
Cipher issue on Solaris 11.4

Hi,

Most of our servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it cannot jump from 11.2 to 11.4 in one go. After upgrading, I cannot log in to the server with SecureCRT and it throws the error:
Code:
key exchange failed: cipher not compatible

One of the links on the internet tells me about the SecureCRT that I have:
AES-128
AES-192
AES-256

But it is looking for:
AES-128-CTR
AES-192-CTR
AES-256-CTR

I noticed that SSH was upgraded on the server (Sun_SSH_2.2 to OpenSSH_7.7p1), and the latest update from Oracle says "The default set of ciphers and MACs has been altered to remove unsafe algorithms. You can use the following commands to list all supported ciphers". Here is the output:
Code:
# ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
#

That means my SecureCRT is old and not compatible with the current Solaris version. Due to management budget issues, it will probably take some time to spend money on getting the latest SecureCRT.

- Is there any bypass/alternative which should be used to log in for the time being?

Any advice would be helpful for me to read further.

Thanks

Last edited by solaris_1977; 07-31-2019 at 04:05 PM..
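
The mismatch described in the post above, as an added example that is not part of the original post: SSH picks the first cipher on the client's list that the server also offers, and `ssh -Q cipher` lists what the binary supports rather than what sshd currently offers. The server's enabled list (upstream OpenSSH 7.7 defaults) and the old client's CBC-only offer are assumptions; the supported list is the one shown in the post.

```shell
#!/bin/sh
# Added example: SSH cipher selection as defined in RFC 4253, section 7.1.
# The cipher used is the first name on the client's list that also appears
# on the server's list; if no name is shared, key exchange fails.

# negotiate_cipher CLIENT_LIST SERVER_LIST   (comma-separated name lists)
# Prints the selected cipher and returns 0; returns 1 when none is shared.
negotiate_cipher() {
    nc_saved_ifs=$IFS
    IFS=,
    for nc_c in $1; do
        for nc_s in $2; do
            if [ "$nc_c" = "$nc_s" ]; then
                IFS=$nc_saved_ifs
                printf '%s\n' "$nc_c"
                return 0
            fi
        done
    done
    IFS=$nc_saved_ifs
    return 1
}

# Compiled-in ciphers, taken from the `ssh -Q cipher` output in the post.
SERVER_SUPPORTED='3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com'

# Assumption: ciphers sshd actually offers, using upstream OpenSSH 7.7
# defaults. On a real host read it with: sshd -T | grep -i '^ciphers'
SERVER_ENABLED='chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'

# Assumption: the old client offers only CBC-mode AES (constructed list).
CLIENT_OLD='aes128-cbc,aes192-cbc,aes256-cbc'

# explain_mismatch CLIENT_LIST: reports why a client can or cannot connect.
explain_mismatch() {
    if em_pick=$(negotiate_cipher "$1" "$SERVER_ENABLED"); then
        echo "negotiated: $em_pick"
    elif em_pick=$(negotiate_cipher "$1" "$SERVER_SUPPORTED"); then
        echo "no enabled cipher in common; supported but disabled: $em_pick"
    else
        echo "no cipher in common at all"
    fi
}

explain_mismatch "$CLIENT_OLD"
explain_mismatch 'aes256-ctr,aes128-ctr'
```

The second outcome is the one that matches the post: the CBC ciphers are still compiled in but are no longer in the default set the server offers.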
 

SSH2_CONNECT(3) 							 1							   SSH2_CONNECT(3)

ssh2_connect - Connect to an SSH server

SYNOPSIS
       resource ssh2_connect (string $host, [int $port = 22], [array $methods], [array $callbacks])

DESCRIPTION
       Establish a connection to a remote SSH server. Once connected, the client should verify the server's hostkey using ssh2_fingerprint(3), then authenticate using either password or public key.

PARAMETERS
       o $host -

       o $port -

       o $methods - $methods may be an associative array with up to four parameters as described below. $methods may be an associative array with any or all of the following parameters.

         * - Supported Values are dependent on methods supported by underlying library. See libssh2 documentation for additional information.

         $client_to_server and $server_to_client may be an associative array with any or all of the following parameters.

+-------+----------------------------------------+------------------------------------------+
| Index | Meaning                                | Supported Values*                        |
+-------+----------------------------------------+------------------------------------------+
| crypt | List of crypto methods to advertise,   | rijndael-cbc@lysator.liu.se, aes256-cbc, |
|       | comma separated in order of            | aes192-cbc, aes128-cbc, 3des-cbc,        |
|       | preference.                            | blowfish-cbc, cast128-cbc, arcfour, and  |
|       |                                        | none**                                   |
+-------+----------------------------------------+------------------------------------------+
| comp  | List of compression methods to         | zlib and none                            |
|       | advertise, comma separated in order of |                                          |
|       | preference.                            |                                          |
+-------+----------------------------------------+------------------------------------------+
| mac   | List of MAC methods to advertise,      | hmac-sha1, hmac-sha1-96, hmac-ripemd160, |
|       | comma separated in order of            | hmac-ripemd160@openssh.com, and none**   |
|       | preference.                            |                                          |
+-------+----------------------------------------+------------------------------------------+

         Note: Crypt and MAC method "none"
         For security reasons, none is disabled by the underlying libssh2 library unless explicitly enabled during build time by using the appropriate ./configure options. See documentation for the underlying library for more information.

       o $callbacks - $callbacks may be an associative array with any or all of the following parameters.

         Callbacks parameters

+------------+----------------------------------------+---------------------------------------+
| Index      | Meaning                                | Prototype                             |
+------------+----------------------------------------+---------------------------------------+
| ignore     | Name of function to call when an       | void ignore_cb($message)              |
|            | SSH2_MSG_IGNORE packet is received     |                                       |
+------------+----------------------------------------+---------------------------------------+
| debug      | Name of function to call when an       | void debug_cb($message, $language,    |
|            | SSH2_MSG_DEBUG packet is received      | $always_display)                      |
+------------+----------------------------------------+---------------------------------------+
| macerror   | Name of function to call when a packet | bool macerror_cb($packet)             |
|            | is received but the message            |                                       |
|            | authentication code failed. If the     |                                       |
|            | callback returns TRUE, the mismatch    |                                       |
|            | will be ignored, otherwise the         |                                       |
|            | connection will be terminated.         |                                       |
+------------+----------------------------------------+---------------------------------------+
| disconnect | Name of function to call when an       | void disconnect_cb($reason, $message, |
|            | SSH2_MSG_DISCONNECT packet is received | $language)                            |
+------------+----------------------------------------+---------------------------------------+

RETURN VALUES
       Returns a resource on success, or FALSE on error.

EXAMPLES
       Example #1 ssh2_connect(3) example

       Open a connection forcing 3des-cbc when sending packets, any strength aes cipher when receiving packets, no compression in either direction, and Group1 key exchange.

       <?php
       /* Notify the user if the server terminates the connection */
       function my_ssh_disconnect($reason, $message, $language) {
         printf("Server disconnected with reason code [%d] and message: %s\n",
                $reason, $message);
       }

       $methods = array(
         'kex' => 'diffie-hellman-group1-sha1',
         'client_to_server' => array(
           'crypt' => '3des-cbc',
           'comp' => 'none'),
         'server_to_client' => array(
           'crypt' => 'aes256-cbc,aes192-cbc,aes128-cbc',
           'comp' => 'none'));

       $callbacks = array('disconnect' => 'my_ssh_disconnect');

       $connection = ssh2_connect('shell.example.com', 22, $methods, $callbacks);
       if (!$connection) die('Connection failed');
       ?>

SEE ALSO
       ssh2_fingerprint(3), ssh2_auth_none(3), ssh2_auth_password(3), ssh2_auth_pubkey_file(3).

PHP Documentation Group                                                    SSH2_CONNECT(3)