Hi, thanks for taking the time to file a bug.
The three ciphers you listed, aes128-cbc, 3des-cbc, and des-cbc, I
believe are not considered secure anymore. While your SSH client can use
them, it may not offer them without explicitly saying you wish to use
them as you have discovered.
It may be possible to use `ssh -vv ...` to produce some additional debug
output and may show what ciphers were offered.
As such I do not think this is actually a bug in Ubuntu and will mark it
incomplete. If you disagree or have additional information please feel
free to add it to this bug. Thanks again!
** Changed in: openssh (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1771359
Title:
No matching cipher found even if client and server have matching
cipher
Status in openssh package in Ubuntu:
Incomplete
Bug description:
Since Bionic upgrade (from Artful) I encounter problem to call HP
switch with SSH.
After the upgrade, trying to ssh some switch give me this message :
$ ssh 192.168.0.1
Unable to negotiate with 192.168.0.1 port 22: no matching cipher found. Their
offer: aes128-cbc,3des-cbc,des-cbc
So, I look for supported cipher :
$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-...@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-...@openssh.com
aes256-...@openssh.com
chacha20-poly1...@openssh.com
I see that aes128-cbc seem both supported. So I try... :
$ ssh -c aes128-cbc 192.168.0.1
...and It's work !
Workaround :
I've added “ciphers aes128-cbc” to ~/.ssh/config file for each switch
I manage.
The ssh-client should detect automatically the good cipher ? No ?
Thank you for your attention.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssh-client 1:7.6p1-4
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue May 15 15:39:00 2018
EcryptfsInUse: Yes
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=fr_FR.UTF-8
SHELL=/bin/bash
RelatedPackageVersions:
ssh-askpass N/A
libpam-ssh N/A
keychain N/A
ssh-askpass-gnome 1:7.6p1-4
SSHClientVersion: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
SourcePackage: openssh
UpgradeStatus: Upgraded to bionic on 2018-04-24 (21 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771359/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
