Posted on 2006-11-16 12:43:55-08 by brezynski
AES ciphers and Net-ssh-perl
Hello, I have a problem with supported ciphers. I'm using NET::SSH::PERL to connect from a standard RHEL4 Linux server to a VMware ESX host (not a virtual machine, this is the physical host on which virtual guests are built). The ESX host comes with sshd configured to use only the following ciphers (from /etc/ssh/sshd_config):
----------------------------------------------------
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
#ShowPatchLevel no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
Ciphers aes256-cbc,aes128-cbc
----------------------------------------------------
When I try to establish a new session from the RHEL4 client, I get the following:
----------------------------------------------------
trying to connect to lonve00107
lon0176xus: Reading configuration data /var/www/.ssh/config
lon0176xus: Reading configuration data /etc/ssh_config
lon0176xus: Allocated local port 1023.
lon0176xus: Connecting to lonve00107, port 22.
lon0176xus: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
lon0176xus: Net::SSH::Perl Version 1.29, protocol version 2.0.
lon0176xus: No compat match: OpenSSH_3.6.1p2.
lon0176xus: Connection established.
connected to lonve00107
trying to log in as user vmbldusr
lon0176xus: Sent key-exchange init (KEXINIT), wait response.
No matching cipher found: client 3des-cbc,blowfish-cbc,arcfour server aes256-cbc,aes128-cbc at /usr/lib/perl5/vendor_perl/5.8.5/Net/SSH/Perl/SSH2.pm line 89
----------------------------------------------------

If I add, for example, '3des-cbc' to the list of ciphers in /etc/ssh/sshd_config on the ESX server and restart sshd I connect with no problem.

Is there an easy way to add support for aes256-cbc or aes128-cbc to the NET::SSH::PERL module? Is there another way to work around this problem, or will I have to change the SSHD configuration on my ESX servers to work with the ciphers currently offered with NET::SSH::PERL?

Thanks for your help

David Brezynski

david.brezynski@rbos.com
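
Why the handshake in the post above fails, as an added example that is not part of the original post and not Net::SSH::Perl code: SSH2 selects the first cipher on the client's list that the server also lists (RFC 4253, section 7.1), and the two lists in the error message do not intersect. The function names are hypothetical, and the inputs are constructed from the sshd_config excerpt and error text quoted in the post.

```python
import re

# Constructed sample input: the sshd_config excerpt and error text quoted in the post.
SSHD_CONFIG = """\
#ShowPatchLevel no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
Ciphers aes256-cbc,aes128-cbc
"""
ERROR_LINE = ("No matching cipher found: client 3des-cbc,blowfish-cbc,arcfour "
              "server aes256-cbc,aes128-cbc")


def server_ciphers(config_text):
    """Cipher list from the first active (uncommented) Ciphers directive, else None."""
    m = re.search(r"^[ \t]*ciphers[ \t=]+(\S+)", config_text, re.I | re.M)
    return m.group(1).split(",") if m else None


def parse_error(line):
    """Extract (client_list, server_list) from the client's negotiation error."""
    m = re.search(r"No matching cipher found: client (\S+) server (\S+)", line)
    return (m.group(1).split(","), m.group(2).split(",")) if m else None


def negotiate(client, server):
    """RFC 4253 7.1: first algorithm on the client's list that the server also lists."""
    offered = set(server)
    return next((c for c in client if c in offered), None)


def diagnose(error_line, config_text):
    """Explain a failed negotiation and what each side would need to change."""
    client, server = parse_error(error_line)
    return {
        "config_matches_log": server_ciphers(config_text) == server,
        "negotiated": negotiate(client, server),
        # Ciphers the server accepts that the client never proposes.
        "client_lacks": [c for c in server if c not in client],
        # Result of the workaround in the post: server also accepts 3des-cbc.
        "with_3des_on_server": negotiate(client, server + ["3des-cbc"]),
    }


if __name__ == "__main__":
    for key, value in diagnose(ERROR_LINE, SSHD_CONFIG).items():
        print(f"{key}: {value}")
```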

Posted on 2008-03-19 13:11:52-07 by patrickj in response to 3557
Re: AES ciphers and Net-ssh-perl
Hi David, I'm wondering if you got a solution on this? I have had exactly the same issue here. Changing the sshd solves the problem. Thanks, Pat
Posted on 2008-06-04 11:03:11-07 by ranjana in response to 3557
Re: AES ciphers and Net-ssh-perl
Hi, I too faced the same problem when trying to connect from a RHEL machine to ESX. After modifying the sshd file, it works. Is there any other way other than this? Thanks, Ranjana