Unable to negotiate with XX.XX.XX.XX port 22: no matching cipher found. Their offer: aes256-cbc when trying to SSH to a device.

book

Article ID: 193390

calendar_today

Updated On:

Products

CA Spectrum CA eHealth

Issue/Introduction

The following error is seen when trying to SSH to a device from a bash shell on the SpectroSERVER:

 

"Unable to negotiate with XX.XX.X.XX port 22: no matching cipher found. Their offer: aes256-cbc"

Cause

This issue is related ssh ciphers configuration.
 

 

User level ssh config :  ~/.ssh/config

Global level ssh config : /etc/ssh_config or /etc/ssh/ssh_config

The file in the user home directory overrides settings in the global one.

Environment

Release : 10.3

Component : Spectrum Core / SpectroSERVER

Resolution

Create a config file in $user/.ssh directory

Ex : $user/.ssh/config

Add the following configuration

Host *

   KexAlgorithms +diffie-hellman-group1-sha1

   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc