Re: SecureSH cipher issues... (1090 Views)
Reply
Frequent Advisor
Dave Cast
Posts: 92
Registered: ‎02-22-2008
Message 1 of 5 (1,117 Views)
Accepted Solution

SecureSH cipher issues...

[ Edited ]

All,

 

 

     I'm trying to disable all ciphers associated with cbc (cipher block chaining) in secure-shell (Hpux 11.31) - but when I specify (in sshd_config):

 

"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfo
ur256,arcfour"

 

and then I try to restart secure-shell and receive the error:

 

-------------------------------------------------------------------------------------------------------------------------------------

# ./secsh start
/opt/ssh/etc/sshd_config line 20: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfour256,arcfour'.
EXIT CODE: 255
#

-------------------------------------------------------------------------------------------------------------------------------------

 

However these ciphers are specifically stated as valid in the man page (man sshd_config) on that server.

 

 

Any ideas?

 

 

P.S. This thread has been moved from HP-UX > General  to HP-UX > security.  Hp Forum Moderator

 

Today is different and tomorrow the same.
Honored Contributor
Patrick Wallek
Posts: 13,784
Registered: ‎06-21-2000
Message 2 of 5 (1,109 Views)

Re: SecureSH cipher issues...

Do you have the "Protocol 2" specified in the sshd_config as well?  

 

Here is what I had to specify in my sshd-config file to get it to work:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

 

Basically I just removed this entry from your list: aes128-gcm@openssh.com

 

That is not in the list of supported ciphers in the sshd_config man page.

 

 

Frequent Advisor
Dave Cast
Posts: 92
Registered: ‎02-22-2008
Message 3 of 5 (1,105 Views)

Re: SecureSH cipher issues...

Hi Patrick,

 

 

Yes, I do have Protocol 2 specified in sshd_config.   And still receive this error:

# /sbin/init.d/secsh start
/opt/ssh/etc/sshd_config line 20: garbage at end of line; "aes192-ctr,".
EXIT CODE: 255
#

 

 

 

I've attached a copy of my sshd_config file.

Today is different and tomorrow the same.
Honored Contributor
Patrick Wallek
Posts: 13,784
Registered: ‎06-21-2000
Message 4 of 5 (1,094 Views)

Re: SecureSH cipher issues...

Take the spaces out of your Ciphers line.  It should look like this:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

 The only space should be after the word "Ciphers".

Frequent Advisor
Dave Cast
Posts: 92
Registered: ‎02-22-2008
Message 5 of 5 (1,090 Views)

Re: SecureSH cipher issues...

Interesting - ok I took out the spaces (it looked like there were spaces after each cipher, due to my font - and everything works, sheez.

 

 

 

Also, aes128-gcm@openssh.com is supported according to the man page for this system.  But it doesn't like it.

 

THANKS.

Today is different and tomorrow the same.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.