Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-13-2021, 01:41 PM
fabb fabb is offline
Registered User
 
Join Date: May 2021
Posts: 5
Ciphers and MACs supported by SecureCRT

Hello,

I used a old version of SecureCRT and could not connect any more with ssh to a 'hardened' server which does not support 'weak' cryptographic suites any longer:

Quote:
Key exchange failed.
No compatible cipher. The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM
No compatible MAC. The server supports these MACs: UMAC-64-EtM,UMAC-128-EtM,SHA2-256-EtM,SHA2-512-EtM,SHA1-EtM,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1
I downloaded the latest version of SecureCRT (9.0.1 (x64 build 2451)) and obvioulsy the issue is the same.
Which means that SecureCRT does not support 'strong' Ciphers and MACs ?
Did I miss something ? Or does SecureCRT plan to enhance that ?

I found info about Ciphers and MACs supported in VShell/Windows, but this does not concern SecureCRT I understand:
https://forums.vandyke.com/showthread.php?t=13880

Thank you.
Reply With Quote
  #2  
Old 05-13-2021, 02:25 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 441
Hi fabb,

It is likely that you just need to enable the new MAC's/Ciphers in order to connect successfully.

If you navigate to Options -> Session Options -> SSH2 -> Advanced , you can enable the newer MAC's/Ciphers that were not available prior to your upgrade to 9.0.1.

If you would like to enable the new MAC's/Ciphers for all of your sessions at once, you can do so by navigating to Options -> Edit Default Session... -> SSH2 -> Advanced and then apply the changes to all of your sessions when you save your changes to the Default Session.

Please refer to the FAQ's linked below for additional information:
https://forums.vandyke.com/showthread.php?t=13274
https://forums.vandyke.com/showthread.php?t=13275
Are you able to connect after enabling the MAC's/Ciphers supported by the remote host?
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 05-25-2021, 04:01 PM
fabb fabb is offline
Registered User
 
Join Date: May 2021
Posts: 5
Hello,
thanks for your reply.

Quote:
If you would like to enable the new MAC's/Ciphers for all of your sessions at once, you can do so by navigating to Options -> Edit Default Session... -> SSH2 -> Advanced
Actually, this option is already enabled.

So I guess the message displayed on my console :

Quote:
Key exchange failed.
No compatible cipher. The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM
No compatible MAC. The server supports these MACs: UMAC-64-EtM,UMAC-128-EtM,SHA2-256-EtM,SHA2-512-EtM,SHA1-EtM,UMAC-64,UMAC-128,SHA2-256,SHA2-512,SHA1
is sent by the server, and is faulty : instead of "The server supports" it should be "The client supports" ...

And then the MAC's/Ciphers issue resides on the server ...
I'll look into it.
Reply With Quote
  #4  
Old 05-25-2021, 05:14 PM
berdmann berdmann is offline
VanDyke Technical Support
 
Join Date: Aug 2017
Posts: 441
Hi fabb,

SecureCRT logs the MAC's/Ciphers that are supported by the server purposefully.

Did you check the Session Options of the actual session that you are testing with to ensure that all of the server supported MAC's/Ciphers are enabled, instead of just checking the Default Session? (Right-click on your session in the Session Manager, press "Properties" and then navigate to the SSH2 -> Advanced cateogry)
__________________
Thanks,
--Brittney

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 09:03 PM.