Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Matching cipher is not supported: aes256-ctr #3271

Closed
cyberduck opened this issue Jun 25, 2009 · 9 comments
Closed

Matching cipher is not supported: aes256-ctr #3271

cyberduck opened this issue Jun 25, 2009 · 9 comments

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented Jun 25, 2009

c86e7da created the issue

After a recent patch was applied to our Solaris 10 software on our server, we can no longer connect to the server with Cyberduck using SFTP. Upon login, it immediately gives a, "I/O Error: Connection failed. There was a problem connecting to our server:22". Nothing is even listed in the Transcript.

In /var/adm/messages we are getting:

fatal: matching cipher is not supported: aes256-ctr

We are able to connect to the same server successfully using Fetch and Fugu. We are running SSH2.

Do we somehow need to reconfigure Cyberduck to handle a different cipher or to use SSH2 or ...?

We are running Mac OS 10.4.11 and 10.5, and Cyberduck Version 3.2 (4648) or later.

Thanks.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 26, 2009

@dkocher commented

Looks related to this issue: (http://forums.sun.com/thread.jspa?threadID=5393136). What is the selected cipher if you connect using

ssh -v

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 26, 2009

@dkocher commented

Supported ciphers by Cyberduck are (top has first priority, selection is depending on the match from the advertised ciphers from the server.

aes256-ctr
aes192-ctr
aes128-ctr
blowfish-ctr
aes256-cbc
aes192-cbc
aes128-cbc
blowfish-cbc
3des-ctr
3des-cbc

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 26, 2009

c86e7da commented

it looks like our cipher is aes128-cbc

excerpt:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

I wonder why it would seemingly stop after Cyberduck tries aes256-ctr?

Do you need more info from the ssh -v transcript?

Thank you..
Laura

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 15, 2009

ed284e3 commented

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)).
Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

             Wolfram

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 2, 2010

@dkocher commented

Replying to [comment:5 wschulze@…]:

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)).
Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

             Wolfram

No wen don't read the preferred priorities from the OpenSSH configuration.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 2, 2010

@dkocher commented

Replying to [comment:5 wschulze@…]:

I have a similar problem connecting to a SunOS 5.10 server

I would need a public reachable server to replicate this issue. I suppose I need no account to debug the key negotation failure.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jan 22, 2010

Cipher_aes128 commented

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Nov 25, 2010

@dkocher commented

Replying to [comment:8 Cipher_aes128]:

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

Please post the output of ssh -vv that includes key negogiation debug information and/or give me a test account on the server.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Nov 26, 2010

@dkocher commented

Please reopen if you can supply the information above.

@cyberduck cyberduck closed this Nov 26, 2010
@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants