SIMP 5.2.1 - SSH to lower security servers (SIMP 3.x)

36 views

Skip to first unread message

mark....@soteradefense.com

unread,

Mar 9, 2017, 8:33:41 PM3/9/17

to SIMP Q&A Forum

So I have two complete SIMP 3 clusters and a new SIMP 5 cluster. I can ssh into all my SIMP 5 systems because they're using the proper encryption and ssl settings.

I cannot get into any of my SIMP 3 systems (CentOS6 with lower ssl requirements).

I get the dreaded:

- no matching cipher found: client aes25...@openssh.com,aes12...@openssh.com server aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc

Is there a simple fix to this? I'm wondering if you have something that I can implement quickly without having to figure it out myself.

Thanks in advance,

Mark

Trevor Vaughan

unread,

Mar 10, 2017, 8:24:18 AM3/10/17

to mark....@soteradefense.com, SIMP Q&A Forum

Hi Mark,

Since this is a client setting, you can set the ciphers either at the command line or in your personal SSH configuration. The client side configuration settings are safe defaults and can all be overridden in your ~/.ssh/config file.

Try setting the following in your personal SSH config:

Ciphers aes25...@openssh.com,aes128-g...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

If you want to be precise, you can restrict that under a Host setting.

Thanks,

Trevor

On Thu, Mar 9, 2017 at 8:33 PM, <mark....@soteradefense.com> wrote:

So I have two complete SIMP 3 clusters and a new SIMP 5 cluster. I can ssh into all my SIMP 5 systems because they're using the proper encryption and ssl settings.
I cannot get into any of my SIMP 3 systems (CentOS6 with lower ssl requirements).

I get the dreaded:

- no matching cipher found: client aes25...@openssh.com,aes128-g...@openssh.com server aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc

Is there a simple fix to this? I'm wondering if you have something that I can implement quickly without having to figure it out myself.

Thanks in advance,
Mark

--
You received this message because you are subscribed to the Google Groups "SIMP Q&A Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simp+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simp/bae55bc6-edb2-43e7-b1c8-50a7cc83468a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Trevor Vaughan
Vice President, Onyx Point, Inc

(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --

Reply all

Reply to author

Forward

0 new messages