It makes sense, but when I tried to enable the ciphers in the config file, ssh
refused to start and stayed in maintenance mode.  It took me 20 minutes, 2
reboots and 20 commands to get it to start back up... this is really
frustrating.
I'd rather just have OpenSSH....
Oh well.
I'll try again, I guess.


On Sun, Feb 7, 2010 at 12:02 PM, Dennis Clarke <dcla...@blastwave.org> wrote:

>
> > I normally use JellyFiSSH as my ssh tool on OS X, and with every other OS,
> > it has no problems with any of the ssh encryption protocols.  The default
> > is 3des but it has many to choose from (blowfish, 3des-cbc, cast128-cbc,
> > blowfish-cbc, arcfour, aes256-cbc)
> >
> > OpenSolaris doesn't allow me to use ANY of these, the only cipher I can
> > choose is des, but when I actually connect I get this (error/warning?)
> >
> >
> > No valid ciphers for protocol version 2 given, using defaults.
> >
> > How do I fix this?
> >
> > I looked in the config but it all looks correct.
>
> Get onto the console of the server and enable the ciphers you want in the
> sshd_config file.  Be sure to shut down ssh services before making
> changes.
>
> Look for a line like this:
>
>    Ciphers aes128-cbc,aes128-ctr,arcfour,aes256-cbc
>
> While you are there, look at these lines:
>
>    HostKey /etc/ssh/ssh_host_rsa_key
>    HostKey /etc/ssh/ssh_host_dsa_key
>
> You can increase the bit-length of your host keys with ssh-keygen:
>
>   http://www.blastwave.org/man/ssh-keygen_1.ftd
>
> On Solaris 8 (and even 9 and 10 sometimes) I tend to use OpenSSH
>
>   CSWossh         openssh - OpenSSH Secure Shell
>                   (i386) 5.3,REV=2009.12.27_rev=p1
>
> When that installs you see the host keys get generated for you:
>
> ## Executing postinstall script.
> Starting Blastwave OpenSSH...
> Creating new RSA public/private host key pair
> Generating public/private rsa key pair.
> Your identification has been saved in /etc/opt/csw/ssh/ssh_host_rsa_key.
> Your public key has been saved in /etc/opt/csw/ssh/ssh_host_rsa_key.pub.
> The key fingerprint is:
> 4f:e9:25:2b:24:01:9d:64:eb:f8:18:18:e3:73:9a:d9 r...@titan
> The key's randomart image is:
> +--[ RSA 2048]----+
> |    .oo.         |
> |     oo.         |
> |  o   o          |
> | . + o .   .     |
> |  + + o S + .    |
> |   B + o + +     |
> |  + E . . +      |
> |         .       |
> |                 |
> +-----------------+
> Creating new DSA public/private host key pair
> Generating public/private dsa key pair.
> Your identification has been saved in /etc/opt/csw/ssh/ssh_host_dsa_key.
> Your public key has been saved in /etc/opt/csw/ssh/ssh_host_dsa_key.pub.
> The key fingerprint is:
> 69:c9:46:08:f0:b6:0a:61:2c:c2:0e:ed:5f:eb:9e:55 r...@titan
> The key's randomart image is:
> +--[ DSA 1024]----+
> |  ...            |
> |o. . . .         |
> |=+. o . .        |
> |*o . . o o       |
> |... . . S E      |
> | . o . + .       |
> |  . . . .        |
> |     . o         |
> |     .+          |
> +-----------------+
>
> Installation of <CSWossh> was successful.
> #
>
> You can do this manually when you are in there on OpenSolaris with
> ssh-keygen. I figure since you like to use aes256-cbc you may as well
> increase your RSA and DSA bit length on the server host keys.
>
> # ssh-keygen -f ssh_host_rsa_key -t rsa -b 4096 -N ''
>
> Then do the same thing for DSA with "-t dsa" and then restart ssh services.
>
> That will take care of most of the important things for you.
>
> Does this make sense?
>
> --
> Dennis Clarke
> dcla...@opensolaris.ca  <- Email related to the open source Solaris
> dcla...@blastwave.org   <- Email related to open source for Solaris
>
>
>
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
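
A check for the `Ciphers` line discussed in this thread, to run against an edited sshd_config before the ssh service is restarted. This is an added example, not code from either poster; `lint_ciphers` is a hypothetical helper, and `SUPPORTED` is an assumption built only from the cipher names mentioned in the thread, to be replaced with the list documented for the sshd installed on the server.

```python
# Added example: lint the Ciphers directive of an sshd_config before restarting sshd.
# ASSUMPTION: SUPPORTED holds only the cipher names mentioned in this thread; replace
# it with the list documented for the sshd actually installed on the server.
SUPPORTED = {"aes128-cbc", "aes128-ctr", "aes256-cbc", "arcfour",
             "3des-cbc", "blowfish-cbc", "cast128-cbc"}

# Constructed sample configs. GOOD uses the Ciphers line quoted in the thread;
# BAD has a space after a comma, a misspelt name and a repeated name.
GOOD = "Protocol 2\nCiphers aes128-cbc,aes128-ctr,arcfour,aes256-cbc\n"
BAD = ("Protocol 2\n"
       "# Ciphers aes128-ctr\n"
       "Ciphers aes128-cbc, aes256-cbc,blowfish-cbcc,aes128-cbc\n")


def lint_ciphers(config_text, supported=SUPPORTED):
    """Return [(line_number, problem), ...] for every Ciphers directive found."""
    problems = []
    found = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        parts = line.split(None, 1)
        if parts[0].lower() != "ciphers":  # keywords are case-insensitive
            continue
        found = True
        value = parts[1] if len(parts) > 1 else ""
        if not value:
            problems.append((lineno, "no cipher list given"))
            continue
        if any(ch.isspace() for ch in value):
            problems.append((lineno, "whitespace inside the cipher list"))
        seen = set()
        for name in (n.strip() for n in value.split(",")):
            if not name:
                problems.append((lineno, "empty entry (stray comma)"))
            elif name not in supported:
                problems.append((lineno, "unknown cipher: " + name))
            elif name in seen:
                problems.append((lineno, "duplicate cipher: " + name))
            seen.add(name)
    if not found:
        problems.append((0, "no Ciphers directive; the daemon's defaults apply"))
    return problems


if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        for lineno, problem in lint_ciphers(text) or [(0, "ok")]:
            print(label, lineno, problem)
```

Keeping a second console session open while restarting means a rejected config can be reverted without a reboot.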