x/crypto/ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes256-cbc 3des-cbc aes128-cbc] #20201
Comments
bradfitz
changed the title
|
/cc @hanwen |
|
works as intended. 3DES is deprecated, and the CBC ciphers have weaknesses, so they're disabled by default. |
|
just try it. it should work. |
|
Ended up finding an example of how to use this from one of the unit tests: Specifically with how to go about appending a cipher to the existing defaults as in here: |
|
hm. This doesn't work for me. Is this correct?
var sshconfig ssh.Config
sshconfig.SetDefaults()
cipherOrder := sshconfig.Ciphers
cipherOrder = append(cipherOrder, "aes128-cbc", "3des-cbc")
I think I am going to have to use telnet instead of ssh... Mebus |
|
you're not changing the slice inside sshconfig |
|
What do I have to change? Mebus |
|
config.ciphers = append(config.ciphers, ...) |
|
It's in there, but the github is formatting it badly: cipherOrder = append(cipherOrder, "aes128-cbc", "3des-cbc") Like this? Mebus |
|
you're not changing config.Ciphers, you're just changing cipherOrder |
|
aaaahh!!! My fault. Working now :-) sshconfig.Ciphers = append(cipherOrder, "3des-cbc") Thanks. :-) Mebus |
|
is there documentation somewhere that lists supported ciphers? |
增加go的crypto的客户端加密方式的配置,官方默认未启用一些安全级别低的加密方式,但是由于某些服务器的操作系统版本低,仍然需要配置,否则会ssh握手失败,具体官方说明请参考golang/go#20201
Please answer these questions before submitting your issue. Thanks!
We onboarded a new client with a new SFTP endpoint and are seeing an error message we never encountered. What is the configuration I need to use to allow the CBC ciphers?
Error
ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes256-cbc 3des-cbc aes128-cbc]
What version of Go are you using (
go version)?1.8.1
What operating system and processor architecture are you using (
go env)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
from the current golang docker image
What did you do?
Attempting connection to SFTP host
What did you expect to see?
Successful authentication and connection
What did you see instead?
ssh: handshake failed: ssh: no common algorithm for client to server cipher; client offered: [aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128], server offered: [aes256-cbc 3des-cbc aes128-cbc]
The text was updated successfully, but these errors were encountered: