[Ovmsdev] openssh 6.7 cipher aes128-cbc

Robin O'Leary ovmsdev at caederus.org
Fri Apr 20 19:48:52 HKT 2018

On Thu, Apr 19, 2018 at 04:39:09PM -0700, Stephen Casner wrote:
> On Thu, 19 Apr 2018, Robin O'Leary wrote:
> > The log output was very brief:
> >
> > E (43385740) ssh: Error in reception: -20
> ...  If you would like to dig further, you
> can uncomment this line in components/wolfssh/component.mk and compile
> again (it may be necessary to make clean first):

OK, so that started me on quite an adventure in to compiler errors
and git submodules, but the upshot is that wolfssh only supports
cipher aes128-cbc and openssh now has this disabled by default.
From http://www.openssh.com/txt/release-6.7:

	Changes since OpenSSH 6.6

	Potentially-incompatible changes

	 * sshd(8): The default set of ciphers and MACs has been altered to
	   remove unsafe algorithms. In particular, CBC ciphers and arcfour*
	   are disabled by default.

At least for now, aes128-cbc is still supported, so I can do:

	ssh -c aes128-cbc ...

or more permanently in ~/.ssh/config:

	Host chevaline
	Ciphers +aes128-cbc

Thanks for your help pursuing this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20180420/5bd0374b/attachment-0002.sig>

More information about the OvmsDev mailing list