The website says it supports it, but when the Publish Over SSH plugin connects, the sshd log throws the following error: "fatal: no matching cipher found: client aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc server aes256-ctr" and the corresponding error on Jenkins is: "jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [Config-Name]. Message [Algorithm negotiation fail]]"
If the Jsch plugin supports the new Ciphers, then the config file that the Jsch client uses to exchange Cipher info with the server doesn't seem to be updated. The native ssh client on the Jenkins (client) works well with the remote server. Not the Jsch ssh client that the Publish Over plugin uses. On Thu, Jul 12, 2018 at 4:15 PM Slide <[email protected]> wrote: > From looking at the Jsch website (http://www.jcraft.com/jsch/), they show > the following in 0.15.4 which is what is used in the Jsch Plugin 0.15.4.2, > which is what is used in Publish Over SSH 1.19.1 > > > - > Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr, > *aes192-ctr,aes256-ctr*,3des-ctr,arcfour,arcfour128,arcfour256 > > > So, I don't think there is an issue, unless I am missing something. > > On Thu, Jul 12, 2018 at 4:09 PM <[email protected]> wrote: > >> Anyone from the "Publish over SSH" and "JSch dependency" plugins teams >> that can help with this? >> >> >> On Wednesday, May 9, 2018 at 7:47:21 PM UTC-7, [email protected] >> wrote: >>> >>> The SSH client in the Publish over SSH plugin which uses Jsch Dependency >>> plugin only supports the following Ciphers: *Ciphers: >>> aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc* >>> OpenSSH 7.* is disabling cbc modes of the ciphers and also not offering >>> CBC ciphers by default. >>> https://www.openssh.com/releasenotes.html >>> >>> * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST >>> ciphers. >>> >>> * ssh(1): do not offer CBC ciphers by default. >>> >>> >>> It now enables the following ciphers by default: aes192-ctr and >>> aes256-ctr. >>> What are the plans to support these (aes192-ctr and aes256-ctr) ciphers >>> in these plugins? >>> >>> Thanks.! >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com >> <https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVdHSf2GNm%2BR4v8xkUNsp%2B5uNYSJ8dY63M0KJrMjkK7pRQ%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVdHSf2GNm%2BR4v8xkUNsp%2B5uNYSJ8dY63M0KJrMjkK7pRQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAODjEEMfFxee2t9NiMucegagDpeXygPPt%2BpGG-5G1%2BYQS_%3Dn0g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
