Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SFTP client failing on 7.4

75 views
Skip to first unread message

John McCann

unread,
May 27, 2022, 6:21:45 AM5/27/22
to
Hi

We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;

debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: rsa-sha2-512
Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc

We are just using password authentication, which still works fine on our old power 8 box on 7.2.

We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)

Has anyone come across this before, or has any idea where I might look next.

Grant Taylor

unread,
May 27, 2022, 1:21:17 PM5/27/22
to
On 5/27/22 4:21 AM, John McCann wrote:
> Hi

Hi,

> We recently upgraded to a new power 9 box running 7.4, and SFTP client
> to a customer( we do not run the server) now fails with;

...

> Has anyone come across this before, or has any idea where I might
> look next.

I've run into something very similar on other platforms.

Take a look at this and see if it helps you as it helped me.

Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html

In short, the OpenSSH developers have disabled support for some older
encryption algorithms and key exchange algorithms _by_ _default_. Thus
far they are still there and can be re-enabled.

I've used both command line and client configuration file variants of
these options on different systems as the need arises.



--
Grant. . . .
unix || die

John McCann

unread,
Jun 16, 2022, 10:30:01 AM6/16/22
to
Thanks Grant.

Grant Taylor

unread,
Jun 16, 2022, 11:41:21 PM6/16/22
to
On 6/16/22 8:29 AM, John McCann wrote:
> Thanks Grant.

You're welcome.

I am curious if the OpenSSH - Legacy Options was germane for you on -- I
presume -- IBM i or not.
0 new messages