Login or Register to Ask a Question and Join Our Community


Cybersecurity

SSH ciphers help

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity SSH ciphers help
# 1  
Old 11-02-2012
[Solved] SSH ciphers help
Hello,
One of my co-worker changed our the ssh ciphers that we currently use.
We made a change to /etc/ssh/ssh_config on our Solaris 10 servers. Security said that we have to use aes128-ctr or higher, but not aes128-cbc.

The issue is that many of the ssh clients (Tectia) on Windows will not connect to our Solaris servers. Has anyone had this issue? Is there a setting I can set to get this working again?

Thanks

---------- Post updated at 11:36 AM ---------- Previous update was at 10:09 AM ----------

Ok I have found the answer. I upgraded the client (tectia) and now it works.
This User Gave Thanks to bitlord For This Post:
Corona688
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Ppa and default-bind-ciphers

Hello, I am under ubuntu 16.04 now. I am going to add a repository into server. After apt-get install app_name, I see below lines inside a file : excerpted from config file: .. .. ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS .. .. ... (9 Replies)
Discussion started by: baris35
9 Replies

2. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

3. UNIX for Beginners Questions & Answers

Ssh script to validate ssh connection to multiple serves with status

Hi, I want to validate ssh connection one after one for multiple servers..... password less keys already setup but now i want to validate if ssh is working fine or not... I have .sh script like below and i have servers.txt contains all the list of servers #/bin/bash for host in $(cat... (3 Replies)
Discussion started by: sreeram4
3 Replies

4. Linux

Postfix: Enable only high ciphers

I try to enable only secure high ciphers. With those smtpd_tls_auth_only = yes smtpd_tls_mandatory_ciphers = high smtpd_tls_protocols = SSLv3, TLSv1, !SSLv2 smtpd_tls_mandatory_exclude_ciphers = aNULL Disable sslv2 but nessus say weak and medium ciphers still enabled,how to enable only... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

5. Shell Programming and Scripting

Ssh = ssh expect and keep everything not change include parameter postion

I have write a script which contains ssh -p 12345 dcplatform@10.125.42.50 ssh 127.0.0.1 -p 5555 "$CMD" ssh root@$GUEST_IP "$CMD" before I use public key, it works well, now I want to change to "expect", BUT I don't want to change above code and "parameter position" I can post a... (1 Reply)
Discussion started by: yanglei_fage
1 Replies

6. Cybersecurity

How to Disable Ciphers and Reconfigure Encryption?

Hello, I recently had a Retina scan of my system and there are some findings I do not understand. SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit... (4 Replies)
Discussion started by: stringman
4 Replies

7. OS X (Apple)

Weak Security Ciphers

Hi All * Need some help on testing if a server supports weak ciphers . Here is the command I ran : openssl s_client -connect HOSTNAME:443 -cipher LOW:EXP result : Connected : err num=110 openssl s_client -connect HOSTNAME:8000 -cipher LOW:EXP result : Connected : err... (1 Reply)
Discussion started by: noufel
1 Replies

8. Cybersecurity

Weak Security Ciphers

Hi All * Need some help on testing if a server supports weak ciphers . Here is the command I ran : openssl s_client -connect HOSTNAME:443 -cipher LOW:EXP result : Connected : err num=110 openssl s_client -connect HOSTNAME:8000 -cipher LOW:EXP result : Connected : err... (0 Replies)
Discussion started by: noufel
0 Replies

9. Shell Programming and Scripting

could not send commands SSH session with Net::SSH::Expect

I am using Net::SSH::Expect to connect to the device(iLO) with SSH. After the $ssh->login() I'm able to view the prompt, but not able to send any coommands. With the putty I can connect to the device and execute the commands without any issues. Here is the sample script my $ssh =... (0 Replies)
Discussion started by: hansini
0 Replies
Login or Register to Ask a Question

LEARN ABOUT X11R4

ssh-keysign

ssh-keysign(1M)                                                                                                                    ssh-keysign(1M)

NAME

       ssh-keysign - ssh helper program for host-based authentication

SYNOPSIS

       ssh-keysign

       ssh-keysign  is  used  by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
       with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the  name  of  the
       client user.

       ssh-keysign  is  disabled  by  default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
       basedAuthentication to yes.

       ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based  authen-
       tication.

       /etc/ssh/ssh_config

           Controls whether ssh-keysign is enabled.

       /etc/ssh/ssh_host_dsa_key
       /etc/ssh/ssh_host_rsa_key

           These  files  contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
           only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must  be  set-uid  root  if  host-based
           authentication is used.

       ssh-keysign will not sign host-based authentication data under the following conditions:

         o  If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
            den in users' ~/.ssh/ssh_config files.

         o  If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of  the  client  where  ssh-keysign  is
            invoked and the name of the user invoking ssh-keysign.

       In  spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
       as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWsshu                     |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

       ssh(1), sshd(1M), ssh_config(4), attributes(5)

AUTHORS

       Markus Friedl, markus@openbsd.org

HISTORY

       ssh-keysign first appeared in Ox 3.2.

                                                                    9 Jun 2004                                                     ssh-keysign(1M)