Re: SSH Ciphers
05-28-2018 02:30 AM - edited 05-28-2018 02:35 AM
This issue with administrators not being able to login to AOS is comming back:
1. CBC ciphers have been deprecated in upstream openssh since version 7.3p1.
2. Ubuntu 18.04 uses openssh 7.6p1 and any attempt to log into an Aruba controller running AOS 126.96.36.199 or even 8.2.1 results in
Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,aes256-cbc
The ciphers are still compiled in the code and you can force ssh to use them, but they might be left out alltogether in the future. Perhaps it's time AOS supported other ciphers as well?
ssh -v output:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /home/x/.ssh/config debug1: /home/x/.ssh/config line 6: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to x.x.x.x port 22. debug1: Connection established. debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4 debug1: Remote protocol version 2.0, remote software version OpenSSH debug1: match: OpenSSH pat OpenSSH* compat 0x04000000 debug1: Authenticating to x.x.x.x:22 as 'admin' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: diffie-hellman-group14-sha1 debug1: kex: host key algorithm: ssh-rsa Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,aes256-cbc