When trying to connect *from* my SME server *to* CentOS 7 (openssh v7.4), Ubuntu 16.04 (openssh v7.2), or a Ubiquiti Edgerouter (openssh 6.6), I get this error:
no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
I can connect if I add "-c aes256-ctr" on the command line, like this:
# ssh -c aes256-ctr username@ubuntu-16.04-server-ip
# ssh -c aes256-ctr root@centos7-ip
# ssh -c aes256-ctr admin@ubiquiti-edgerouter-ip
I've submitted an NFR in bugzilla asking to have the default ssh client cipher list updated to include aes256-ctr:
Bug 10621
For now I've updated my own defaults using a custom template:
mkdir -p /etc/e-smith/templates-custom/etc/ssh/ssh_config
sed s/\ arcfour256/\ aes256-ctr,arcfour256/ /etc/e-smith/templates/etc/ssh/ssh_config/30Ciphers > /etc/e-smith/templates-custom/etc/ssh/ssh_config/30Ciphers
expand-template /etc/ssh/ssh_config
When done:
#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
Host *
Port 22
Protocol 2
Cipher blowfish
Ciphers aes256-ctr,arcfour256,blowfish-cbc,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour
GSSAPIAuthentication yes
#ForwardX11 no
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
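
Added example, not part of the original post: a small shell sketch that parses the "no matching cipher found" message quoted above and applies the SSH selection rule (the first cipher in the client's list that the server also offers, RFC 4253 section 7.1), showing why the stock list fails and why prepending aes256-ctr makes it the negotiated cipher. The function names `offer` and `negotiate` are hypothetical helpers, and the error text is a constructed sample copied from the post.

```shell
#!/bin/sh
# Constructed sample: the error message quoted in the post.
ERR='no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'

# offer client|server "error text"
# Print the comma-separated cipher list that follows the given keyword.
offer() {
    printf '%s\n' "$2" | sed -n "s/.* $1 \([^ ]*\).*/\1/p"
}

# negotiate client_list server_list
# Print the first cipher in the client's list that the server also offers.
# Returns 1 and prints nothing when the two lists do not overlap.
negotiate() {
    old_ifs=$IFS
    IFS=,
    for c in $1; do
        case ",$2," in
            *",$c,"*)
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
                ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

client=$(offer client "$ERR")
server=$(offer server "$ERR")

# Stock client list: no overlap, which is the failure reported above.
negotiate "$client" "$server" || echo "stock list: no common cipher"

# Client list after the custom template prepends aes256-ctr.
negotiate "aes256-ctr,$client" "$server"
```

Because the client's order decides, a modern cipher placed at the front of the Ciphers line is selected whenever the server offers it, and the older entries behind it are only reached for servers that lack it.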