• SFTP client failing on 7.4

    From John McCann@21:1/5 to All on Fri May 27 03:21:44 2022
    Hi

    We recently upgraded to a new power 9 box running 7.4, and SFTP client to a customer( we do not run the server) now fails with;

    debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
    debug1: kex: host key algorithm: rsa-sha2-512
    Unable to negotiate with nnn.nn.nnn.nn port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,cast128-cbc

    We are just using password authentication, which still works fine on our old power 8 box on 7.2.

    We have implemented older protocols and ciphers using system values QSSLCSL, QSSLCSLCTL, QSSLPCL , and TLSCONFIG (in SST)

    Has anyone come across this before, or has any idea where I might look next.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to John McCann on Fri May 27 11:21:26 2022
    On 5/27/22 4:21 AM, John McCann wrote:
    Hi

    Hi,

    We recently upgraded to a new power 9 box running 7.4, and SFTP client
    to a customer( we do not run the server) now fails with;

    ...

    Has anyone come across this before, or has any idea where I might
    look next.

    I've run into something very similar on other platforms.

    Take a look at this and see if it helps you as it helped me.

    Link - OpenSSH: Legacy Options
    - https://www.openssh.com/legacy.html

    In short, the OpenSSH developers have disabled support for some older encryption algorithms and key exchange algorithms _by_ _default_. Thus
    far they are still there and can be re-enabled.

    I've used both command line and client configuration file variants of
    these options on different systems as the need arises.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John McCann@21:1/5 to Grant Taylor on Thu Jun 16 07:29:58 2022
    On Friday, May 27, 2022 at 6:21:17 PM UTC+1, Grant Taylor wrote:
    On 5/27/22 4:21 AM, John McCann wrote:
    Hi

    Hi,
    We recently upgraded to a new power 9 box running 7.4, and SFTP client
    to a customer( we do not run the server) now fails with;
    ...
    Has anyone come across this before, or has any idea where I might
    look next.
    I've run into something very similar on other platforms.

    Take a look at this and see if it helps you as it helped me.

    Link - OpenSSH: Legacy Options
    - https://www.openssh.com/legacy.html

    In short, the OpenSSH developers have disabled support for some older encryption algorithms and key exchange algorithms _by_ _default_. Thus
    far they are still there and can be re-enabled.

    I've used both command line and client configuration file variants of
    these options on different systems as the need arises.



    --
    Grant. . . .
    unix || die


    Thanks Grant.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to John McCann on Thu Jun 16 21:41:37 2022
    On 6/16/22 8:29 AM, John McCann wrote:
    Thanks Grant.

    You're welcome.

    I am curious if the OpenSSH - Legacy Options was germane for you on -- I presume -- IBM i or not.



    --
    Grant. . . .
    unix || die

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)