info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
SFTP client failing on 7.4
75 views
Skip to first unread message
John McCann
May 27, 2022, 6:21:45 AM5/27/22
to
Hi
We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: rsa-sha2-512
Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
We are just using password authentication, which still works fine on our old power 8 box on 7.2.
We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)
Has anyone come across this before, or has any idea where I might look next.
We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: rsa-sha2-512
Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc
We are just using password authentication, which still works fine on our old power 8 box on 7.2.
We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)
Has anyone come across this before, or has any idea where I might look next.
Grant Taylor
May 27, 2022, 1:21:17 PM5/27/22
to
On 5/27/22 4:21 AM, John McCann wrote:
> Hi
Hi,
> We recently upgraded to a new power 9 box running 7.4, and SFTP client
> to a customer( we do not run the server) now fails with;
...
> Has anyone come across this before, or has any idea where I might
> look next.
I've run into something very similar on other platforms.
Take a look at this and see if it helps you as it helped me.
Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html
In short, the OpenSSH developers have disabled support for some older
encryption algorithms and key exchange algorithms _by_ _default_. Thus
far they are still there and can be re-enabled.
I've used both command line and client configuration file variants of
these options on different systems as the need arises.
--
Grant. . . .
unix || die
> Hi
Hi,
> We recently upgraded to a new power 9 box running 7.4, and SFTP client
> to a customer( we do not run the server) now fails with;
> Has anyone come across this before, or has any idea where I might
> look next.
Take a look at this and see if it helps you as it helped me.
Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html
In short, the OpenSSH developers have disabled support for some older
encryption algorithms and key exchange algorithms _by_ _default_. Thus
far they are still there and can be re-enabled.
I've used both command line and client configuration file variants of
these options on different systems as the need arises.
--
Grant. . . .
unix || die
John McCann
Jun 16, 2022, 10:30:01 AM6/16/22
to
Grant Taylor
Jun 16, 2022, 11:41:21 PM6/16/22
to
On 6/16/22 8:29 AM, John McCann wrote:
> Thanks Grant.
You're welcome.
I am curious if the OpenSSH - Legacy Options was germane for you on -- I
presume -- IBM i or not.
> Thanks Grant.
You're welcome.
I am curious if the OpenSSH - Legacy Options was germane for you on -- I
presume -- IBM i or not.
0 new messages