> I normally use JellyFiSSH as my ssh tool on osx, and with every other os,
> it has no problems with any of the ssh encryption protocols. The default
> is 3des but it has many to choose from (blowfish, 3des-cbc, cast128-cbc,
> blowfish-cbc, arcfour, aes256-cbc)
>
> OpenSolaris doesn't allow me to use ANY of these, the only cipher I can
> choose is des, but when I actually connect I get this (error/warning?)
>
>
> No valid ciphers for protocol version 2 given, using defaults.
>
> How do I fix this?
>
> I looked in the config but it all looks correct

Get onto the console of the server and enable the ciphers you want in the
sshd_config file. Be sure to shut down ssh services before making
changes.

Look for a line like this:

Ciphers aes128-cbc,aes128-ctr,arcfour,aes256-cbc

While you are there, look at these lines:

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

You can increase the bit-length of your host keys with ssh-keygen:

http://www.blastwave.org/man/ssh-keygen_1.ftd

On Solaris 8 (and even 9 and 10 sometimes) I tend to use OpenSSH:

CSWossh openssh - OpenSSH Secure Shell
(i386) 5.3,REV=2009.12.27_rev=p1

When that installs you see the host keys get generated for you:

## Executing postinstall script.
Starting Blastwave OpenSSH...
Creating new RSA public/private host key pair
Generating public/private rsa key pair.
Your identification has been saved in /etc/opt/csw/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/opt/csw/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
4f:e9:25:2b:24:01:9d:64:eb:f8:18:18:e3:73:9a:d9 r...@titan
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
| oo. |
| o o |
| . + o . . |
| + + o S + . |
| B + o + + |
| + E . . + |
| . |
| |
+-----------------+
Creating new DSA public/private host key pair
Generating public/private dsa key pair.
Your identification has been saved in /etc/opt/csw/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/opt/csw/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
69:c9:46:08:f0:b6:0a:61:2c:c2:0e:ed:5f:eb:9e:55 r...@titan
The key's randomart image is:
+--[ DSA 1024]----+
| ... |
|o. . . . |
|=+. o . . |
|*o . . o o |
|... . . S E |
| . o . + . |
| . . . . |
| . o |
| .+ |
+-----------------+
Installation of <CSWossh> was successful.
#
You can do this manually when you are in there on OpenSolaris with
ssh-keygen. I figure since you like to use aes256-cbc you may as well
increase your RSA and DSA bit length on the server host keys.
# ssh-keygen -f ssh_host_rsa_key -t rsa -b 4096 -N ''
Then do the same thing for DSA with "-t dsa" and then restart ssh services.
That will take care of most of the important things for you.
Does this make sense?
--
Dennis Clarke
[email protected] <- Email related to the open source Solaris
[email protected] <- Email related to open source for Solaris
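
An added example (not part of the original message): a shell check that lists which of the client ciphers named in the question also appear on the server's Ciphers line. The config fragment is a constructed sample, and the function names server_ciphers and common_ciphers are hypothetical.

```sh
#!/bin/sh
# Added example: compare a client's cipher list with sshd_config's Ciphers line.

# Print the cipher list from the first active "Ciphers" line of the file $1.
# OpenSSH uses the first value it reads for a keyword; "#" lines never match
# because their first field is not the keyword itself.
server_ciphers() {
    awk 'tolower($1) == "ciphers" {
             sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
             gsub(/[ \t]/, "")                 # drop stray blanks in the list
             print; exit
         }' "$1"
}

# Print, one per line and in client order, the ciphers from the
# comma-separated client list $1 that are also in the server list $2.
common_ciphers() {
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$c,"*) printf '%s\n' "$c" ;;
        esac
    done
}

# Constructed sample config using the lines quoted in the reply.
cfg="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$cfg" <<'EOF'
#Ciphers 3des-cbc
Ciphers aes128-cbc,aes128-ctr,arcfour,aes256-cbc
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
EOF

# Client cipher names as listed in the original question.
client="blowfish,3des-cbc,cast128-cbc,blowfish-cbc,arcfour,aes256-cbc"

usable=$(common_ciphers "$client" "$(server_ciphers "$cfg")")
rm -f "$cfg"
if [ -n "$usable" ]; then
    echo "ciphers both sides accept:"
    echo "$usable"
else
    echo "no overlap: add one of the client's ciphers to the Ciphers line"
fi
```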