Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 05-18-2015, 04:22 PM
HelpSeth HelpSeth is offline
Registered User
 
Join Date: May 2015
Posts: 2
Unable to connect to new Linux hosts

We've recently had some linux servers added, that I'm needing to connect to.

However, when I go to connect to these servers and create a session for them in SecureCRT, I keep getting the following error:

"Key exchange failed.
No compatible cipher. The server supports these ciphers: AES-256-CTR,AES-192-CTR,AES-128-CTR"


Key exchange is not something I've ever encountered on the other server sessions I've setup, so I'm a little clueless on them. However, looking in the property settings for the session, I do see the various key exchange options out there - however none of them mention the ciphers the server error above (3 diff-helman and 2 Kerberos options only).

While googling those ciphers and securecrt I did come across something that said securecrt supports those ciphers, but I don't see them as options anywhere - is there something obvious I am missing? I've tried unchecking and reordering the key exchange options I have available, but it does not seem to make a difference.

Help please!

Thanks,
Seth
Reply With Quote
  #2  
Old 05-18-2015, 05:31 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 929
Quote:
Originally Posted by HelpSeth View Post
...when I go to connect to these servers and create a session for them in SecureCRT, I keep getting the following error:

"Key exchange failed.
No compatible cipher. The server supports these ciphers: AES-256-CTR,AES-192-CTR,AES-128-CTR"


...I do see the various key exchange options out there - however none of them mention the ciphers the server error above (3 diff-helman and 2 Kerberos options only).

While googling those ciphers and securecrt I did come across something that said securecrt supports those ciphers, but I don't see them as options anywhere - is there something obvious I am missing? I've tried unchecking and reordering the key exchange options I have available, but it does not seem to make a difference.
You're confusing key exchange algorithms with cipher algorithms; they're not the same thing.

Diffie-hellman-* et. al. are key exchange algorithms.

AES-256-CTR, et. al. are ciphers.

What you're experiencing is the remote server only allowing AES-*-CTR ciphers, but your SecureCRT is either a) configured to use non-CTR ciphers, or b) old enough that it doesn't have support for CTR ciphers.

If you're running a contemporary version of SecureCRT (newer than 6.1.2), you'll find ciphers listed in the Session Options / Connection / SSH2 / Advanced category (look for the cipher listing as in the attached graphic).

If you don't see any -CTR ciphers listed in the Cipher group in the SSH2 Advanced Options page of the Session Options dialog, it most likely means you're running a version of SecureCRT that is too old to support those ciphers.

Do you see the CTR ciphers in the SSH2 Advanced Options category of your session options dialog?

If you see them but they're not enabled, enable each of them and move them to the top of the list of ciphers (so that when you connect to servers that support them as well as other non-CTR ciphers, these more secure ciphers will be used instead).

CTR ciphers were added in SecureCRT 6.1.3, so if you're running an older version, you'll need to upgrade to 6.1.3 or newer to gain access to them.

You can check upgrade eligibility for your license at the following location on our web site:
http://www.vandyke.com/pricing/upgra...urecrt_el.html

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 05:33 PM.