ok, and many thanks for your solution!
On Jan 15, 5:03 pm, Jamis Buck <ja...@37signals.com> wrote:
> I had heard of it, but I am not a crypto guru, and I have no idea how to
> make OpenSSL support those (which is what Net::SSH depends on). Perhaps
> someone more crypto-saavy than I will be able to pipe in and say "oh,
> heck, you just need to do X and Y and you're all set". :)
>
> - Jamis
>
> On 1/15/09 10:02 AM, Xazoola wrote:
>
> > You have just nailed it.
> > There was a SSH CBC vulnerability reported by US-CERT.
> >http://www.kb.cert.org/vuls/id/958563
> > I'm not sure how the vulnerability is exploited. But to be safe, I
> > disable all CBC related ciphers.
> > After enabling all the default ciphers "aes128-ctr,aes128-cbc,arcfour,
> > 3des-cbc,blowfish-cbc", the "encryption_client algorithm" is solved.
>
> > do you know anything about this SSH CBC vulnerability? If it is a
> > security problem when CBC related cipher enabled on SSH server, any
> > plan for Net:SSH to support non CBC ciphers?
>
> > On Jan 15, 4:03 pm, Jamis Buck <ja...@37signals.com> wrote:
> >> This can also be caused if your SSH server is configured to allow only a
> >> small subset of cipher algorithms, and that subset does not overlap any
> >> of the algorithms that Net::SSH supports.
>
> >> Net::SSH supports the following ciphers:
>
> >> aes128-cbc
> >> 3des-cbc
> >> blowfish-cbc
> >> cast128-cbc
> >> aes192-cbc
> >> aes256-cbc
> >> rijndael-...@lysator.liu.se
> >> idea-cbc
> >> none
>
> >> (Though it is strongly recommended to not use 'none'. It's really only
> >> useful for debugging Net::SSH.)
>
> >> If there is a cipher you want that isn't included there, you'll need to
> >> see how to make Ruby's OpenSSL bindings provide it.
>
> >> - Jamis
>
> >> On 1/15/09 8:37 AM, Lee Hambley wrote:
>
> >>> This might be ssh v1 vs. v2 issues, are you definately using SSH v2,
> >>> with v2 keys? (i think it is a difference between DSA, and RSA keys)
> >>> - Lee
> >>> 2009/1/15 Xazoola <col...@gmail.com <mailto:col...@gmail.com>>
> >>> Hi,
> >>> I am getting a ConnectionError on Solaris. Works find on Linux. anyone
> >>> know what causes this error?
> >>> Capistrano::ConnectionError, connection failed for: <IPADDRESS>
> >>> (Net::SSH::Exception: could not settle on encryption_client algorithm)
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to
capistrano-unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
