Difference between revisions of "Enable Legacy Cipher in Linux for SecureCRT"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
(Created page with "upporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT. The ssh server "sshd" ciphers can be configured via the file: vi /etc/ssh/...")
 
Line 1: Line 1:
upporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT.  The ssh server "sshd" ciphers can be configured via the file:
+
SecureCRT version 3.1.2 has a limited selection of available ciphers.  It is an old version of the client.  In the past when the selections
 +
*Cipher: 3DES
 +
*MAC: MD5
 +
where used, the client connected to the linux system sshd server (OpenSSH).  SecureCRT is actually using the cipher "3des-cbc" specifically.
 +
 
 +
Supporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT.  The ssh server "sshd" ciphers can be configured via the file:
 
  vi /etc/ssh/sshd_config
 
  vi /etc/ssh/sshd_config
 
See what ciphers are available on your system:
 
See what ciphers are available on your system:
Line 5: Line 10:
 
Even though 3des-cbc is enabled in the configuration, the client using 3des-cbc is rejected, as evidence in the log
 
Even though 3des-cbc is enabled in the configuration, the client using 3des-cbc is rejected, as evidence in the log
 
  cat /var/log/auth.log
 
  cat /var/log/auth.log
 +
 
It turns out that number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh.  Lets see what version of OpenSSH we have.
 
It turns out that number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh.  Lets see what version of OpenSSH we have.
 
  dpkg-query -l|grep -i openssh
 
  dpkg-query -l|grep -i openssh
 
Debian Linux Jessie reports openssh-server 1:6.7p1-5+deb8u3 which has the following ciphers disabled: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
 
Debian Linux Jessie reports openssh-server 1:6.7p1-5+deb8u3 which has the following ciphers disabled: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

Revision as of 23:11, 26 February 2017

SecureCRT version 3.1.2 has a limited selection of available ciphers. It is an old version of the client. In the past when the selections

  • Cipher: 3DES
  • MAC: MD5

where used, the client connected to the linux system sshd server (OpenSSH). SecureCRT is actually using the cipher "3des-cbc" specifically.

Supporting legacy ciphers for backwards compatibility is necessary to connect "ssh" with SecureCRT. The ssh server "sshd" ciphers can be configured via the file:

vi /etc/ssh/sshd_config

See what ciphers are available on your system:

ssh -Q cipher localhost

Even though 3des-cbc is enabled in the configuration, the client using 3des-cbc is rejected, as evidence in the log

cat /var/log/auth.log

It turns out that number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh. Lets see what version of OpenSSH we have.

dpkg-query -l|grep -i openssh

Debian Linux Jessie reports openssh-server 1:6.7p1-5+deb8u3 which has the following ciphers disabled: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se