Net-SSH-Perl - AES ciphers and Net-ssh-perl

[ home | FAQ | about | stats | new post | login | register | tags ]
Do you want to spoil my kids? Here is my Amazon wishlist

Net-SSH-Perl [search.cpan.org] [Kobes search] [View and report bugs] [Ratings 3.8 (10) ]
[AnnoCPAN] [CPAN Tests results] [CPANTS]

Posted on Thu Nov 16 14:43:55 2006 by brezynski
AES ciphers and Net-ssh-perl
Hello, I have a problem with supported ciphers. I'm using NET::SSH::PERL to connect from a standard RHEL4 Linux server to a VMware ESX host (not a virtual machine, this is the physical host on which virtual guests are built). The ESX host comes with sshd configured to use only the following ciphers (from /etc/ssh/sshd_config):
---------------------------------------------------- #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no #ShowPatchLevel no # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server Ciphers aes256-cbc,aes128-cbc ----------------------------------------------------
When I try to establish a new session from the RHEL4 client, I get the following:
---------------------------------------------------- trying to connect to lonve00107 lon0176xus: Reading configuration data /var/www/.ssh/config lon0176xus: Reading configuration data /etc/ssh_config lon0176xus: Allocated local port 1023. lon0176xus: Connecting to lonve00107, port 22. lon0176xus: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2 lon0176xus: Net::SSH::Perl Version 1.29, protocol version 2.0. lon0176xus: No compat match: OpenSSH_3.6.1p2. lon0176xus: Connection established. connected to lonve00107 trying to log in as user vmbldusr lon0176xus: Sent key-exchange init (KEXINIT), wait response. No matching cipher found: client 3des-cbc,blowfish-cbc,arcfour server aes256-cbc,aes128-cbc at /usr +/lib/perl5/vendor_perl/5.8.5/Net/SSH/Perl/SSH2.pm line 89 ----------------------------------------------------

If I add, for example, '3des-cbc' to the list of ciphers in /etc/ssh/sshd_config on the ESX server and restart sshd I connect with no problem.

Is there an easy was to add support for aes256-cbc or aes128-cbc to the NET::SSH::PERL module? Is there another way to work around this problem or will I have to change the SSHD configuration on my ESX servers to work with the ciphers currently offered with NET::SSH::PERL?

Thanks for your help

David Brezynski

david.brezynski@rbos.com

Direct Responses: 7398 | 8018 | Write a response

[ home | FAQ | about | stats | new post | login | register | tags ]
Do you want to spoil my kids? Here is my Amazon wishlist
Service launched on 2nd of February 2005.
Comments, and other submissions on CPAN Forum are Copyright 2005-2007, their respective owners.
Site maintainer is not responsible for content. Privacy Policy
Maintained and hosted by Gabor Szabo at Perl Training Israel
See also World Wide Perl Training