Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Collaborator

Is it possible to connect to my switch using ssh from the checkpoint cli ?

is it possible to connect to my switch using ssh from the checkpoint cli ?

 

Here is the message i got .

no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

It means the SSH client on the gateway doesn’t support the same ciphers the SSH server is configured to use.
What kind of gateway are you SSHing from and what software version?

nflnetwork29
Collaborator

SMB 1450 R77.20.15

I guess another limitation of the SMB model line?

0 Kudos
PhoneBoy
Admin
Admin

The version string on our SSH client on SMB says: SSHield_2.1.0 derived from OpenSSH_3.5p1, SSH protocols 1.5/2.0, which I believe is used on VXworks systems.
I checked on both R77.20.x and R80.20.x systems, same version string.
OpenSSH 3.5 is pretty old and doesn't support more modern ciphers.
Even our regular gateways, until recently, were using a fairly old version of OpenSSH.
We updated that (along with the Linux kernel) in R80.40.

Getting this client updated on SMB would be an RFE.
Meanwhile, you will have to reconfigure your SSH server to support at least one cipher in common with the client.

0 Kudos
the_rock
Mentor
Mentor

Phoneboy's response is 100% correct actually. Definitely means it would not support same ciphers...I had seen this before.

0 Kudos