Cipher issue on Solaris 11.4


 
Thread Tools Search this Thread
Operating Systems Solaris Cipher issue on Solaris 11.4
# 1  
Old 07-31-2019
Cipher issue on Solaris 11.4

Hi,

Our most of servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it can not jump fro 11.2 to 11.4 in one go. After upgrading, I can not login to server with SecureCRT and it through error
Code:
key exchange failed: cipher not compatible

One of the link on internet tells me about SecureCRT that I have:
AES-128
AES-192
AES-256

But it is looking for :
AES-128-CTR
AES-192-CTR
AES-256-CTR

I noticed that SSH was upgraded on server (Sun_SSH_2.2 to OpenSSH_7.7p1) and latest update of Oracle says "The default set of ciphers and MACs has been altered to remove unsafe algorithms. You can use the following commands to list all supported ciphers". and here is output:
Code:
# ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
#

That means my SecureCRT is old and not compatible with current solaris version. Due to management budget issues, it may probably take some time to spend money on getting latest SecureCRT.

- Is there any bypass/alternate, which should be be used to login for time-being ?

Any advice would be helpful for me to read further.

Thanks

Last edited by solaris_1977; 07-31-2019 at 04:05 PM..
# 2  
Old 07-31-2019
I think this question was recently asked and answered here (or a very similar question).

Please search the forums before asking questions and reference those discussions (it is also a forum rule and is just good practice to read the many great posts here at unix.com before asking a question which has likely been addressed, directly or indirectly).

When you search the forums and find a relevant discussion, you will also see up to 10 related discussions at the bottom of each entry (especially easy to read now that I have remodeled this code in both desktop and mobile).

Please search the forums before asking a question, read / review the related / similar discussions, and reference the relevant discussions in your questions.

Thanks.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

2. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

3. Cybersecurity

Openssl cipher strength

I have read the forums for strengthing the openssl ciphers on a server and the following command I can run: openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH' I have some services that cannot be set to higher levels like you can set in an httpd.conf file.... (1 Reply)
Discussion started by: hydrashok158
1 Replies

4. Shell Programming and Scripting

ssh unkown cipher type error

Hello everyone, I am attempting to execute a script through SSH and am getting "unkown cipher type error".... Here is my command: ssh paydvopl02 -c '"/home/jpassema/test.sh 1"' and the actual error message : Unknown cipher type '"/home/jpassema/test.sh 1"' the test.sh script is... (6 Replies)
Discussion started by: jimmy75_13
6 Replies

5. Solaris

Vi issue with solaris

I'm facing a peculiar issue when using vi on solaris. When i open a file using vi & search for a string pattern & if that pattern is not found & if i exit, vi exits with return value 1. (Checked the return value with 'echo $?' ). When the string is found, vi exits with return value 0. This... (9 Replies)
Discussion started by: pj87
9 Replies

6. Solaris

du -sh issue in solaris 10

i have 30 file systems on my production system and my system is responding too slow and / is 99% full is there any way i can run the du -sh only on root file systems and skip all the SAN file systems as the system is unable to do du -sdh * / as it would try to run du on all the SAN/NAS file... (5 Replies)
Discussion started by: fugitive
5 Replies

7. Solaris

Solaris Issue

Hi, I am having a serious problem with a Solaris 2.6 box. Whenever I try and tar a large directory I get this error:tar: write error: unexpected EOF My own research shows that I might have to enable tarring large files by this command: fsadm -o largefiles <mountpoint> My box does not... (8 Replies)
Discussion started by: mojoman
8 Replies

8. UNIX for Dummies Questions & Answers

cipher scp question

Hi, At the moment there are two ciphers available on our unix box (aix 5.1)...aes256 and 3des. Can somebody tell how can use a different cipher (aes128 one that use less cpu and is faster). How do i install this. How can i see wich ciphers are available. In the config file of ssh2 the folowwing... (0 Replies)
Discussion started by: lennyxx
0 Replies
Login or Register to Ask a Question