Command Line SSH2 Cipher

[ZIFSocket]

I'm trying to connect to a device that uses AES-128-CTR,AES-192-CTR,AES-256-CTR. Because I'm scripting it, I have to use the command line arguments to connect.

While SecureCRT supports those ciphers through the GUI the help file states that it is not an option for command line.

Why is that? Are there any workarounds?


From help file:

[ /C cipher ]
Specifies a cipher for encrypting the session. Valid values for SSH2 cipher are NONE, 3DES, RC4, and TWOFISH. The default SSH2 cipher is 3DES.

[ekoranyi]

Hi ZIFSocket,

It's rare that you would need to specify the cipher used. Generally SecureCRT and the remote server will auto-negotiate which cipher to use. The general process is, the server will provide a list of available ciphers, SecureCRT then checks its enabled ciphers and chooses which to use. If these ciphers are enabled in SecureCRT you should not need to specify which to use.

Depending on how you are making your connections there can be a couple of different places that you may need to enable these options. The differentiator will be if you are using saved sessions to connect (/S <session name>) or ad-hoc connections (/SSH2 <hostname>). If you are using a saved session the configuration will be done for that specific session, ad-hoc connections will require configuring the Default Session. The Default Session acts as a template for all ad-hoc connections.

We have created a YouTube video titled The Default Session to help demonstrate the use of the Default Session.

To modify a specific session, right click on the session in the Session Manager and click Properties. Navigate to the SSH2 > Advanced category. Here you will want to enable at least one of the ciphers supported by the remote server.

Modifying the Default Session is done much the same way. From the main Options drop down menu choose the Edit Default Session... option. Again, you will navigate to the SSH2 > Advanced category and enable the needed ciphers. When saving the changes you will be prompted to make the changes to only the Default Session or all session. Making the change to only the Default Session will only impact ad-hoc connections and new session going forward, all sessions would also change the options for all of your existing saved sessions.

Using this information are you able to make the changes necessary to connect to your remote server without the need to specify the cipher using /C?

P.S. Using /C AES-256-CTR is a valid use and will successfully use the AES-256-CTR cipher. It looks like our Help file may be a little out of date. I have asked our documentation team to review the /C information and help get it updated.