Cyberduck Mountain Duck CLI

#3271 closed defect (worksforme)

Matching cipher is not supported: aes256-ctr

Reported by: ltorresan@… Owned by: dkocher
Priority: high Milestone:
Component: sftp Version: 3.2
Severity: major Keywords:
Cc: Architecture:
Platform:

Description (last modified by dkocher)

After a recent patch was applied to our Solaris 10 software on our server, we can no longer connect to the server with Cyberduck using SFTP. Upon login, it immediately gives a, "I/O Error: Connection failed. There was a problem connecting to our server:22". Nothing is even listed in the Transcript.

In /var/adm/messages we are getting:

fatal: matching cipher is not supported: aes256-ctr

We are able to connect to the same server successfully using Fetch and Fugu. We are running SSH2.

Do we somehow need to reconfigure Cyberduck to handle a different cipher or to use SSH2 or ...?

We are running Mac OS 10.4.11 and 10.5, and Cyberduck Version 3.2 (4648) or later.

Thanks.

Change History (10)

comment:1 Changed on Jun 26, 2009 at 10:45:09 AM by dkocher

  • Description modified (diff)
  • Summary changed from Cannot connect with SFTP to Matching cipher is not supported: aes256-ctr

comment:2 Changed on Jun 26, 2009 at 10:47:38 AM by dkocher

Looks related to this issue: http://forums.sun.com/thread.jspa?threadID=5393136. What is the selected cipher if you connect using

ssh -v

comment:3 Changed on Jun 26, 2009 at 10:59:23 AM by dkocher

Supported ciphers by Cyberduck are (top has first priority, selection is depending on the match from the advertised ciphers from the server.

aes256-ctr
aes192-ctr
aes128-ctr
blowfish-ctr
aes256-cbc
aes192-cbc
aes128-cbc
blowfish-cbc
3des-ctr
3des-cbc

comment:4 Changed on Jun 26, 2009 at 1:30:30 PM by ltorresan@…

it looks like our cipher is aes128-cbc

excerpt:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

I wonder why it would seemingly stop after Cyberduck tries aes256-ctr?

Do you need more info from the ssh -v transcript?

Thank you.. Laura

comment:5 follow-ups: Changed on Sep 15, 2009 at 3:43:31 PM by wschulze@…

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)). Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

Wolfram

comment:6 in reply to: ↑ 5 Changed on Jan 2, 2010 at 1:33:06 PM by dkocher

Replying to wschulze@…:

I have a similar problem connecting to a SunOS 5.10 server using sftp (Cyberduck Version 3.2.1 (4923)). Is it possible to edit the cipher-priority-list in Cyberduck? The system wide open_ssh Ciphers list seems to be ignored by Cyberduck.

Grüsse aus dem Frankenland in Schweiz

Wolfram

No wen don't read the preferred priorities from the OpenSSH configuration.

comment:7 in reply to: ↑ 5 Changed on Jan 2, 2010 at 1:34:19 PM by dkocher

Replying to wschulze@…:

I have a similar problem connecting to a SunOS 5.10 server

I would need a public reachable server to replicate this issue. I suppose I need no account to debug the key negotation failure.

comment:8 follow-up: Changed on Jan 22, 2010 at 9:44:33 PM by Cipher_aes128

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

comment:9 in reply to: ↑ 8 Changed on Nov 25, 2010 at 3:05:11 PM by dkocher

Replying to Cipher_aes128:

Same exact problem where I cannot connect to a server using SFTP since some change in Cyberduck some months ago. In my case, the cipher is different. Just now finding this support page as the lack of SFTP support prevents my use.

debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '75.126.144.70' is known and matches the RSA host key.

Please post the output of ssh -vv that includes key negogiation debug information and/or give me a test account on the server.

comment:10 Changed on Nov 26, 2010 at 2:22:47 PM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed

Please reopen if you can supply the information above.

Note: See TracTickets for help on using tickets.
swiss made software