[Ovmsdev] openssh 6.7 cipher aes128-cbc
Robin O'Leary
ovmsdev at caederus.org
Fri Apr 20 19:48:52 HKT 2018
On Thu, Apr 19, 2018 at 04:39:09PM -0700, Stephen Casner wrote:
> On Thu, 19 Apr 2018, Robin O'Leary wrote:
> > The log output was very brief:
> >
> > E (43385740) ssh: Error in reception: -20
>
> ... If you would like to dig further, you
> can uncomment this line in components/wolfssh/component.mk and compile
> again (it may be necessary to make clean first):
>
> #CFLAGS += -DDEBUG_WOLFSSH
OK, so that started me on quite an adventure in to compiler errors
and git submodules, but the upshot is that wolfssh only supports
cipher aes128-cbc and openssh now has this disabled by default.
From http://www.openssh.com/txt/release-6.7:
Changes since OpenSSH 6.6
=========================
Potentially-incompatible changes
* sshd(8): The default set of ciphers and MACs has been altered to
remove unsafe algorithms. In particular, CBC ciphers and arcfour*
are disabled by default.
...
At least for now, aes128-cbc is still supported, so I can do:
ssh -c aes128-cbc ...
or more permanently in ~/.ssh/config:
Host chevaline
Ciphers +aes128-cbc
Thanks for your help pursuing this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20180420/5bd0374b/attachment-0002.sig>
More information about the OvmsDev
mailing list