- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: SecureSH cipher issues...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2013 05:12 AM - last edited on 12-04-2013 06:20 PM by Maiko-I
12-03-2013 05:12 AM - last edited on 12-04-2013 06:20 PM by Maiko-I
All,
I'm trying to disable all ciphers associated with cbc (cipher block chaining) in secure-shell (Hpux 11.31) - but when I specify (in sshd_config):
"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfo
ur256,arcfour"
and then I try to restart secure-shell and receive the error:
-------------------------------------------------------------------------------------------------------------------------------------
# ./secsh start
/opt/ssh/etc/sshd_config line 20: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfour256,arcfour'.
EXIT CODE: 255
#
-------------------------------------------------------------------------------------------------------------------------------------
However these ciphers are specifically stated as valid in the man page (man sshd_config) on that server.
Any ideas?
P.S. This thread has been moved from HP-UX > General to HP-UX > security. Hp Forum Moderator
Solved! Go to Solution.
- Tags:
- sshd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2013 06:35 AM
12-03-2013 06:35 AM
Re: SecureSH cipher issues...
Do you have the "Protocol 2" specified in the sshd_config as well?
Here is what I had to specify in my sshd-config file to get it to work:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
Basically I just removed this entry from your list: aes128-gcm@openssh.com
That is not in the list of supported ciphers in the sshd_config man page.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2013 06:58 AM
12-03-2013 06:58 AM
Re: SecureSH cipher issues...
Hi Patrick,
Yes, I do have Protocol 2 specified in sshd_config. And still receive this error:
# /sbin/init.d/secsh start
/opt/ssh/etc/sshd_config line 20: garbage at end of line; "aes192-ctr,".
EXIT CODE: 255
#
I've attached a copy of my sshd_config file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2013 09:08 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2013 09:23 AM
12-03-2013 09:23 AM
Re: SecureSH cipher issues...
Interesting - ok I took out the spaces (it looked like there were spaces after each cipher, due to my font - and everything works, sheez.
Also, aes128-gcm@openssh.com is supported according to the man page for this system. But it doesn't like it.
THANKS.