VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   Secure Shell (https://forums.vandyke.com/forumdisplay.php?f=15)
-   -   Ciphers and MACs supported by SecureCRT (https://forums.vandyke.com/showthread.php?t=14526)

fabb 05-13-2021 12:41 PM

Ciphers and MACs supported by SecureCRT
 
Hello,

I used a old version of SecureCRT and could not connect any more with ssh to a 'hardened' server which does not support 'weak' cryptographic suites any longer:

Quote:

Key exchange failed.
No compatible cipher. The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM
No compatible MAC. The server supports these MACs: UMAC-64-EtM,UMAC-128-EtM,SHA2-256-EtM,SHA2-512-EtM,SHA1-EtM,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1
I downloaded the latest version of SecureCRT (9.0.1 (x64 build 2451)) and obvioulsy the issue is the same.
Which means that SecureCRT does not support 'strong' Ciphers and MACs ?
Did I miss something ? Or does SecureCRT plan to enhance that ?

I found info about Ciphers and MACs supported in VShell/Windows, but this does not concern SecureCRT I understand:
https://forums.vandyke.com/showthread.php?t=13880

Thank you.

berdmann 05-13-2021 01:25 PM

Hi fabb,

It is likely that you just need to enable the new MAC's/Ciphers in order to connect successfully.

If you navigate to Options -> Session Options -> SSH2 -> Advanced , you can enable the newer MAC's/Ciphers that were not available prior to your upgrade to 9.0.1.

If you would like to enable the new MAC's/Ciphers for all of your sessions at once, you can do so by navigating to Options -> Edit Default Session... -> SSH2 -> Advanced and then apply the changes to all of your sessions when you save your changes to the Default Session.

Please refer to the FAQ's linked below for additional information:
https://forums.vandyke.com/showthread.php?t=13274
https://forums.vandyke.com/showthread.php?t=13275
Are you able to connect after enabling the MAC's/Ciphers supported by the remote host?

fabb 05-25-2021 03:01 PM

Hello,
thanks for your reply.

Quote:

If you would like to enable the new MAC's/Ciphers for all of your sessions at once, you can do so by navigating to Options -> Edit Default Session... -> SSH2 -> Advanced
Actually, this option is already enabled.

So I guess the message displayed on my console :

Quote:

Key exchange failed.
No compatible cipher. The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM
No compatible MAC. The server supports these MACs: UMAC-64-EtM,UMAC-128-EtM,SHA2-256-EtM,SHA2-512-EtM,SHA1-EtM,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1
is sent by the server, and is faulty : instead of "The server supports" it should be "The client supports" ...

And then the MAC's/Ciphers issue resides on the server ...
I'll look into it.

berdmann 05-25-2021 04:14 PM

Hi fabb,

SecureCRT logs the MAC's/Ciphers that are supported by the server purposefully.

Did you check the Session Options of the actual session that you are testing with to ensure that all of the server supported MAC's/Ciphers are enabled, instead of just checking the Default Session? (Right-click on your session in the Session Manager, press "Properties" and then navigate to the SSH2 -> Advanced cateogry)


All times are GMT -6. The time now is 03:45 PM.