Bad SSH2 cipher spec error - SSH


Thread: Bad SSH2 cipher spec error

  1. Bad SSH2 cipher spec error

    I'm trying to scp data between 2 Solaris systems:

    Source server: Solaris 10 / Sun_SSH_1.1 / OpenSSL 0.9.8.a.
    Destination server: Solaris 8 / OpenSSH_4.2p1 / OpenSSL 0.9.8a

    Using scp -p, I can move files from the source to the destination
    without any problems. However, from time to time, the copy fails with
    the following message:

    /etc/ssh/ssh_config line 21: Bad SSH2 cipher spec
    'aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc'.

    What can I do about this and how can I go about debugging the problem?
    How can I verify that the ciphers listed in ssh_config are usable
    ciphers between the source and destination servers?

    - CDM


  2. Re: Bad SSH2 cipher spec error

    On 2006-04-11, CDM wrote:
    > Source server: Solaris 10 / Sun_SSH_1.1 / OpenSSL 0.9.8.a.
    > Destination server: Solaris 8 / OpenSSH_4.2p1 / OpenSSL 0.9.8a

    [...]
    > /etc/ssh/ssh_config line 21: Bad SSH2 cipher spec
    > 'aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc'.
    >
    > What can I do about this and how can I go about debugging the problem?


    Check the documentation for the software returning the error to see which
    ciphers it supports.

    I suspect it's on the SunSSH side; by default Solaris ships with an
    OpenSSL library that doesn't support any ciphers with a key
    length >128bit, so try removing aes192-cbc and aes256-cbc.


    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: Bad SSH2 cipher spec error

    Thanks for the feedback. I'll check in with Sun.

    In the meantime, why do you suppose that the problem is only
    intermittent? Is the server changing ciphers in flight as network/cpu
    bandwidth changes perhaps?

    I did a test this morning with a script that scp's 20+ large files
    between the 2 servers. During the first run, the script fell over with
    the error above but half an hour later, when I repeated the exact same
    test, it completed all the way through with no errors. How can that be?

    - CDM


  4. Re: Bad SSH2 cipher spec error

    >>>>> "CDM" == CDM writes:

    CDM> Thanks for the feedback. I'll check in with Sun. In the
    CDM> meantime, why do you suppose that the problem is only
    CDM> intermittent? Is the server changing ciphers in flight as
    CDM> network/cpu bandwidth changes perhaps?

    No.

    CDM> I did a test this morning with a script that scp's 20+ large
    CDM> files between the 2 servers. During the first run, the script
    CDM> fell over with the error above but half an hour later, when I
    CDM> repeated the exact same test, it completed all the way through
    CDM> with no errors. How can that be?

    Perhaps there is more than one set of SSH software installed on one system
    (probably the server), and it's occasionally running the wrong one for
    some reason (PATH oddness, ...).

    --
    Richard Silverman
    res@qoxp.net
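
The two suggestions in this thread (a cipher name the client rejects, and more than one SSH installation reachable through PATH) can both be checked from the shell. The following is an added example, not code from any of the posters; the function names are hypothetical and the `SUPPORTED` list is constructed for illustration, so replace it with the cipher list from the documentation of the client that prints the error.

```shell
#!/bin/sh
# List every executable called $1 on a PATH-style string ($2, default $PATH),
# in lookup order. More than one hit means a different binary may run
# depending on how PATH is set for a given session or script.
find_on_path() {
    name=$1; path=${2:-$PATH}
    old_ifs=$IFS; IFS=:
    for dir in $path; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
    return 0
}

# Print the value of the first "Ciphers" keyword in an ssh_config-style file.
# Assumes the "Ciphers value" form with whitespace between keyword and value.
cipher_spec_from_config() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1"
}

# Print each cipher of a comma-separated spec ($1) that is missing from a
# newline-separated list of supported cipher names ($2).
unsupported_ciphers() {
    spec=$1; supported=$2
    old_ifs=$IFS; IFS=,
    for c in $spec; do
        IFS=$old_ifs
        if ! printf '%s\n' "$supported" | grep -qxF -- "$c"; then
            printf '%s\n' "$c"
        fi
    done
    IFS=$old_ifs
    return 0
}

# Spec from the error message in the first post.
SPEC='aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc'
# Constructed list: a client without ciphers above 128-bit keys (assumption).
SUPPORTED='aes128-cbc
3des-cbc
blowfish-cbc
cast128-cbc
arcfour'

echo "ssh binaries on PATH:"; find_on_path ssh
echo "scp binaries on PATH:"; find_on_path scp
echo "ciphers in spec not in supported list:"
unsupported_ciphers "$SPEC" "$SUPPORTED"
```

Run it both interactively and from the environment that launches the failing copy script; running `ssh -V` on each path it lists shows which implementation that binary belongs to.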

