Security: April 2016 Archives

ssh/sftp no matching cipher found

user-pic
By Pank on April 21, 2016 11:38 AM Vote 0 Votes

ssh/sftp 遇到 no matching cipher found 原因是在 OpenSSH 6.7 之後,
預設移除了不安全的 Cipher, *cbc 及 arcfour*
若使用較舊的 Client, 跟 Server 沒有 matching cipher 就會無法連線

解法:
更新 Client 或啟用 Server 端不安全的 Cipher,
在 sshd_config 加入 *cbc 的支援
Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com
若還是不行, 就全加, 在 sshd_config 加入 *cbc 及 arcfour* 的支援
Ciphers 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour,arcfour128,
arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com

Create Entry
« Security: January 2016 | Blog Home | Archives | Security: May 2016 »

Recent Entries

Recent Comments

About this Archive

This page is an archive of entries in the Security category from April 2016.

Security: January 2016 is the previous archive.

Security: May 2016 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Security: Monthly Archives

Categories

Monthly Archives