Unable to connect to new Linux hosts
We've recently had some linux servers added, that I'm needing to connect to.
However, when I go to connect to these servers and create a session for them in SecureCRT, I keep getting the following error:
"Key exchange failed.
No compatible cipher. The server supports these ciphers: AES-256-CTR,AES-192-CTR,AES-128-CTR"
Key exchange is not something I've ever encountered on the other server sessions I've setup, so I'm a little clueless on them. However, looking in the property settings for the session, I do see the various key exchange options out there - however none of them mention the ciphers the server error above (3 diff-helman and 2 Kerberos options only).
While googling those ciphers and securecrt I did come across something that said securecrt supports those ciphers, but I don't see them as options anywhere - is there something obvious I am missing? I've tried unchecking and reordering the key exchange options I have available, but it does not seem to make a difference.
Diffie-hellman-* et. al. are key exchange algorithms.
AES-256-CTR, et. al. are ciphers.
What you're experiencing is the remote server only allowing AES-*-CTR ciphers, but your SecureCRT is either a) configured to use non-CTR ciphers, or b) old enough that it doesn't have support for CTR ciphers.
If you're running a contemporary version of SecureCRT (newer than 6.1.2), you'll find ciphers listed in the Session Options / Connection / SSH2 / Advanced category (look for the cipher listing as in the attached graphic).
If you don't see any -CTR ciphers listed in the Cipher group in the SSH2 Advanced Options page of the Session Options dialog, it most likely means you're running a version of SecureCRT that is too old to support those ciphers.
Do you see the CTR ciphers in the SSH2 Advanced Options category of your session options dialog?
If you see them but they're not enabled, enable each of them and move them to the top of the list of ciphers (so that when you connect to servers that support them as well as other non-CTR ciphers, these more secure ciphers will be used instead).
CTR ciphers were added in SecureCRT 6.1.3, so if you're running an older version, you'll need to upgrade to 6.1.3 or newer to gain access to them.
You can check upgrade eligibility for your license at the following location on our web site:
YouTube Channel: https://www.youtube.com/vandykesoftware
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|