SFTP client failing on 7.4
54 views
Skip to first unread message
John McCann
May 27, 2022, 6:21:45 AM5/27/22
to
Hi
We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: rsa-sha2-512
Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
We are just using password authentication, which still works fine on our old power 8 box on 7.2.
We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)
Has anyone come across this before, or has any idea where I might look next.
We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: rsa-sha2-512
Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
We are just using password authentication, which still works fine on our old power 8 box on 7.2.
We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)
Has anyone come across this before, or has any idea where I might look next.
Grant Taylor
May 27, 2022, 1:21:17 PM5/27/22
to
On 5/27/22 4:21 AM, John McCann wrote:
> Hi
Hi,
> We recently upgraded to a new power 9 box running 7.4, and SFTP client
> to a customer( we do not run the server) now fails with;
...
> Has anyone come across this before, or has any idea where I might
> look next.
I've run into something very similar on other platforms.
Take a look at this and see if it helps you as it helped me.
Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html
In short, the OpenSSH developers have disabled support for some older
encryption algorithms and key exchange algorithms _by_ _default_. Thus
far they are still there and can be re-enabled.
I've used both command line and client configuration file variants of
these options on different systems as the need arises.
--
Grant. . . .
unix || die
> Hi
Hi,
> We recently upgraded to a new power 9 box running 7.4, and SFTP client
> to a customer( we do not run the server) now fails with;
> Has anyone come across this before, or has any idea where I might
> look next.
Take a look at this and see if it helps you as it helped me.
Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html
In short, the OpenSSH developers have disabled support for some older
encryption algorithms and key exchange algorithms _by_ _default_. Thus
far they are still there and can be re-enabled.
I've used both command line and client configuration file variants of
these options on different systems as the need arises.
--
Grant. . . .
unix || die
John McCann
Jun 16, 2022, 10:30:01 AM6/16/22
to
Grant Taylor
Jun 16, 2022, 11:41:21 PM6/16/22
to
On 6/16/22 8:29 AM, John McCann wrote:
> Thanks Grant.
You're welcome.
I am curious if the OpenSSH - Legacy Options was germane for you on -- I
presume -- IBM i or not.
> Thanks Grant.
You're welcome.
I am curious if the OpenSSH - Legacy Options was germane for you on -- I
presume -- IBM i or not.
Reply all
Reply to author
Forward
0 new messages