SecureSH cipher issues... (815 Views)
Reply
Frequent Advisor
Dave Cast
Posts: 91
Registered: ‎02-22-2008
Message 1 of 5 (815 Views)
Accepted Solution

SecureSH cipher issues...

[ Edited ]

All,

 

 

     I'm trying to disable all ciphers associated with cbc (cipher block chaining) in secure-shell (Hpux 11.31) - but when I specify (in sshd_config):

 

"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfo
ur256,arcfour"

 

and then I try to restart secure-shell and receive the error:

 

-------------------------------------------------------------------------------------------------------------------------------------

# ./secsh start
/opt/ssh/etc/sshd_config line 20: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour128,arcfour256,arcfour'.
EXIT CODE: 255
#

-------------------------------------------------------------------------------------------------------------------------------------

 

However these ciphers are specifically stated as valid in the man page (man sshd_config) on that server.

 

 

Any ideas?

 

 

P.S. This thread has been moved from HP-UX > General  to HP-UX > security.  Hp Forum Moderator

 

Today is different and tomorrow the same.
Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,752
Registered: ‎06-21-2000
Message 2 of 5 (807 Views)

Re: SecureSH cipher issues...

Do you have the "Protocol 2" specified in the sshd_config as well?  

 

Here is what I had to specify in my sshd-config file to get it to work:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

 

Basically I just removed this entry from your list: aes128-gcm@openssh.com

 

That is not in the list of supported ciphers in the sshd_config man page.

 

 

Please use plain text.
Frequent Advisor
Dave Cast
Posts: 91
Registered: ‎02-22-2008
Message 3 of 5 (803 Views)

Re: SecureSH cipher issues...

Hi Patrick,

 

 

Yes, I do have Protocol 2 specified in sshd_config.   And still receive this error:

# /sbin/init.d/secsh start
/opt/ssh/etc/sshd_config line 20: garbage at end of line; "aes192-ctr,".
EXIT CODE: 255
#

 

 

 

I've attached a copy of my sshd_config file.

Today is different and tomorrow the same.
Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,752
Registered: ‎06-21-2000
Message 4 of 5 (792 Views)

Re: SecureSH cipher issues...

Take the spaces out of your Ciphers line.  It should look like this:

 

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour

 The only space should be after the word "Ciphers".

Please use plain text.
Frequent Advisor
Dave Cast
Posts: 91
Registered: ‎02-22-2008
Message 5 of 5 (788 Views)

Re: SecureSH cipher issues...

Interesting - ok I took out the spaces (it looked like there were spaces after each cipher, due to my font - and everything works, sheez.

 

 

 

Also, aes128-gcm@openssh.com is supported according to the man page for this system.  But it doesn't like it.

 

THANKS.

Today is different and tomorrow the same.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation