Wireless Access

Reply
Highlighted
Occasional Contributor II

Re: SSH Ciphers

This issue with administrators not being able to login to AOS is comming back:

1. CBC ciphers have been deprecated in upstream openssh since version 7.3p1.

2. Ubuntu 18.04 uses openssh 7.6p1 and any attempt to log into an Aruba controller running AOS 6.5.3.5 or even 8.2.1 results in

Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,aes256-cbc

The ciphers are still compiled in the code and you can force ssh to use them, but they might be left out alltogether in the future. Perhaps it's time AOS supported other ciphers as well?

 

ssh -v output:

OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/x/.ssh/config
debug1: /home/x/.ssh/config line 6: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to x.x.x.x port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4
debug1: Remote protocol version 2.0, remote software version OpenSSH
debug1: match: OpenSSH pat OpenSSH* compat 0x04000000
debug1: Authenticating to x.x.x.x:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-rsa
Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,aes256-cbc
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: