Targeting a Agent-less Solaris v11 x64 asset - an error shows for the data collection: Couldn't agree a client-to-server cipher.
Note: agent and agent-less data collection from Oracle Solaris 11 assets is supported by the latest Symantec Control Compliance Suite 11 and 10.5.1 versions.
{Date Time},Unix Data Collector: query returned with message(s).,"{SOLARIS11_ASSET_HOST_NAME.EN_US}: Couldn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour)",Error,{SOLARIS11_ASSET_HOST_NAME.EN_US}:{IP_ADDRESS.EN_US},UNIX Machine,,
The ssh handshake attempt between CCS and the Solaris 11 system fails to agree on a cipher.
By default Solaris 11 only supports the following ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour.
CCS requires 3des-cbc.
The current workaround is to add the "3des-cbc" to the list of accepted ciphers in the Solaris 11 sshd configuration file.
Step 1. Add the following line in /etc/ssh/sshd_config (We are adding 3des-cbc to the default ciphers)
Step 2. Restart the sshd daemon on Solaris system.
At this point the CCS agent-less data collection will work.
Applies To
Symantec Control Compliance Suite 10.5.1
Symantec Control Compliance Suite 11 GA
Oracle Solaris 11 (both X64 and SPARC)