ssh/sftp no matching cipher found

user-pic
Vote 0 Votes

ssh/sftp 遇到 no matching cipher found 原因是在 OpenSSH 6.7 之後,
預設移除了不安全的 Cipher, *cbc 及 arcfour*
若使用較舊的 Client, 跟 Server 沒有 matching cipher 就會無法連線

解法:
更新 Client 或啟用 Server 端不安全的 Cipher,
在 sshd_config 加入 *cbc 的支援
Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com
若還是不行, 就全加, 在 sshd_config 加入 *cbc 及 arcfour* 的支援
Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour,arcfour128,
arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com

About this Entry

This page contains a single entry by Pank published on April 21, 2016 11:38 AM.

MySQL 5.7 default root password was the previous entry in this blog.

dcmd dssh is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives