Our most of servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it can not jump fro 11.2 to 11.4 in one go. After upgrading, I can not login to server with SecureCRT and it through error
One of the link on internet tells me about SecureCRT that I have:
AES-128
AES-192
AES-256
But it is looking for :
AES-128-CTR
AES-192-CTR
AES-256-CTR
I noticed that SSH was upgraded on server (Sun_SSH_2.2 to OpenSSH_7.7p1) and latest update of Oracle says "The default set of ciphers and MACs has been altered to remove unsafe algorithms. You can use the following commands to list all supported ciphers". and here is output:
That means my SecureCRT is old and not compatible with current solaris version. Due to management budget issues, it may probably take some time to spend money on getting latest SecureCRT.
- Is there any bypass/alternate, which should be be used to login for time-being ?
Any advice would be helpful for me to read further.
Thanks
Last edited by solaris_1977; 07-31-2019 at 04:05 PM..
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
I think this question was recently asked and answered here (or a very similar question).
Please search the forums before asking questions and reference those discussions (it is also a forum rule and is just good practice to read the many great posts here at unix.com before asking a question which has likely been addressed, directly or indirectly).
When you search the forums and find a relevant discussion, you will also see up to 10 related discussions at the bottom of each entry (especially easy to read now that I have remodeled this code in both desktop and mobile).
Please search the forums before asking a question, read / review the related / similar discussions, and reference the relevant discussions in your questions.
Hi,
As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
To do this, in sshd_config I comment out these lines :
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5
and add... (9 Replies)
I have read the forums for strengthing the openssl ciphers on a server and the following command I can run:
openssl ciphers -v 'TLSv1+HIGH:!SSLv2:RC4!MEDIUM:!aNULL:!eNULL:!3DES:!EXPORT:@STRENGTH'
I have some services that cannot be set to higher levels like you can set in an httpd.conf file.... (1 Reply)
Hello everyone,
I am attempting to execute a script through SSH and am getting "unkown cipher type error".... Here is my command:
ssh paydvopl02 -c '"/home/jpassema/test.sh 1"'
and the actual error message :
Unknown cipher type '"/home/jpassema/test.sh 1"'
the test.sh script is... (6 Replies)
I'm facing a peculiar issue when using vi on solaris. When i open a file using vi & search for a string pattern & if that pattern is not found & if i exit, vi exits with return value 1. (Checked the return value with 'echo $?' ).
When the string is found, vi exits with return value 0.
This... (9 Replies)
i have 30 file systems on my production system and my system is responding too slow and / is 99% full is there any way i can run the du -sh only on root file systems and skip all the SAN file systems as the system is unable to do du -sdh * / as it would try to run du on all the SAN/NAS file... (5 Replies)
Hi,
I am having a serious problem with a Solaris 2.6 box. Whenever I try and tar a large directory I get this error:tar: write error: unexpected EOF
My own research shows that I might have to enable tarring large files by this command:
fsadm -o largefiles <mountpoint>
My box does not... (8 Replies)
Hi,
At the moment there are two ciphers available on our unix box (aix 5.1)...aes256 and 3des. Can somebody tell how can use a different cipher (aes128 one that use less cpu and is faster). How do i install this. How can i see wich ciphers are available. In the config file of ssh2 the folowwing... (0 Replies)