
SecureSH cipher issues...

 
Dave Cast
Frequent Advisor


All,

 

 

I'm trying to disable all ciphers associated with CBC (cipher block chaining) in Secure Shell (HP-UX 11.31) - but when I specify (in sshd_config):

 

"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfour256,arcfour"

 

and then I try to restart secure-shell and receive the error:

 

-------------------------------------------------------------------------------------------------------------------------------------

# ./secsh start
/opt/ssh/etc/sshd_config line 20: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfour256,arcfour'.
EXIT CODE: 255
#

-------------------------------------------------------------------------------------------------------------------------------------

 

However these ciphers are specifically stated as valid in the man page (man sshd_config) on that server.

 

 

Any ideas?

 

 

P.S. This thread has been moved from HP-UX > General  to HP-UX > security.  Hp Forum Moderator

 

Today is different and tomorrow the same.
Patrick Wallek
Honored Contributor

Re: SecureSH cipher issues...

Do you have the "Protocol 2" specified in the sshd_config as well?  

 

Here is what I had to specify in my sshd_config file to get it to work:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

 

Basically I just removed this entry from your list: aes128-gcm@openssh.com

 

That is not in the list of supported ciphers in the sshd_config man page.

 

 

Dave Cast
Frequent Advisor

Re: SecureSH cipher issues...

Hi Patrick,

 

 

Yes, I do have Protocol 2 specified in sshd_config.   And still receive this error:

# /sbin/init.d/secsh start
/opt/ssh/etc/sshd_config line 20: garbage at end of line; "aes192-ctr,".
EXIT CODE: 255
#

 

 

 

I've attached a copy of my sshd_config file.

Today is different and tomorrow the same.
Patrick Wallek
Honored Contributor
Solution

Re: SecureSH cipher issues...

Take the spaces out of your Ciphers line.  It should look like this:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

The only space should be after the word "Ciphers".

Dave Cast
Frequent Advisor

Re: SecureSH cipher issues...

Interesting - ok, I took out the spaces (it looked like there were spaces after each cipher, due to my font) - and everything works, sheez.

 

 

 

Also, aes128-gcm@openssh.com is supported according to the man page for this system.  But it doesn't like it.

 

THANKS.

Today is different and tomorrow the same.
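
An added example, not part of any post in this thread: a small pre-restart check for the two failures reported above (a name the sshd build rejects, and whitespace inside the list), which also flags any CBC cipher still enabled. The `SUPPORTED` set, the `lint_ciphers` name and the sample config are assumptions made for illustration; substitute the cipher names your own sshd build accepts.

```python
import re

# Assumption: the names used in the working Ciphers line from this thread.
# The authoritative set is whatever the installed sshd build actually accepts.
SUPPORTED = {"aes128-ctr", "aes192-ctr", "aes256-ctr",
             "arcfour128", "arcfour256", "arcfour"}


def lint_ciphers(config_text, supported=SUPPORTED):
    """Return (line_no, problem) tuples for every Ciphers directive found."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "ciphers":      # keywords are case-insensitive
            continue
        value = parts[1] if len(parts) > 1 else ""
        if not value:
            findings.append((no, "empty cipher list"))
            continue
        # sshd reads the list as one whitespace-delimited argument, so anything
        # after a space is reported as 'garbage at end of line'.
        if re.search(r"\s", value):
            findings.append((no, "whitespace inside cipher list"))
        for name in filter(None, re.split(r"[,\s]+", value)):
            if "-cbc" in name:
                findings.append((no, "CBC cipher enabled: " + name))
            elif name not in supported:
                # A single rejected name fails the whole directive
                # ('Bad SSH2 cipher spec').
                findings.append((no, "unsupported cipher: " + name))
    return findings


# Constructed sample input modelled on the lines quoted in the thread.
SAMPLE = """Protocol 2
Ciphers aes128-ctr, aes192-ctr,aes128-gcm@openssh.com,aes256-cbc
"""

if __name__ == "__main__":
    for no, problem in lint_ciphers(SAMPLE):
        print("line %d: %s" % (no, problem))
```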