I'm running into an issue where a server was upgraded to RHEL 6.5, and we have automated bash scripts on an RHEL 5.9 install that connect through sftp and ssh commands.
Now, the new server only supports the ciphers aes128-ctr, aes192-ctr, and aes256-ctr.
I was able to update the ssh commands to use the -c option with aes256-ctr and this worked:
ssh -c aes256-ctr ${remote_host} ${my_command}
However, when I tried to do the equivalent for sftp:
sftp -oCipher=aes256-ctr ${remote_host} <<< $'get /home/me/* me/'
I am getting an error that the client does not support the same ciphers as the server:
no matching cipher found: client arcfour256,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr
These ssh and sftp commands are executed on the same RHEL 5.9 box, so I'm wondering why this works for ssh and not sftp?
Also, how do I fix this so I can connect using sftp without any client side changes?
Best Answer
The Cipher directive is for SSH version 1 (which is not in use nowadays).
For SSH version 2, use the Ciphers:
See the ssh_config man page.
Though note that the sftp supports the -c switch too. So there's no need for using the -o.
See the sftp man page:
The option is supported since OpenSSH 5.4. The change is disguised as "Support most of scp(1)'s commandline arguments in sftp(1)".
Note the command-line argument -c is primarily an equivalent to the Ciphers directive (while it can fall back to the Cipher). Quote from the ssh man page:
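Added example, not part of the original answer or of any man page: a bash helper that chooses between the two forms described above, -c for OpenSSH 5.4 and later and -oCiphers= for older clients. The function name sftp_cipher_arg and the version banners shown in the comments are constructed for illustration.

```shell
#!/usr/bin/env bash
# Hypothetical helper: print the sftp argument that sets the SSH protocol 2
# cipher list for the local client.
#   $1  version banner as printed by `ssh -V` (passed in so it can be tested)
#   $2  comma-separated cipher list, e.g. aes256-ctr
sftp_cipher_arg() {
    local banner ciphers ver major minor
    banner=$1
    ciphers=$2

    # Pull "X.Y" out of a banner such as "OpenSSH_5.3p1, OpenSSL ..." (constructed sample).
    ver=$(printf '%s\n' "$banner" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unrecognised ssh -V output: $banner" >&2
        return 1
    fi
    major=${ver%%.*}
    minor=${ver#*.}

    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 4 ]; }; then
        # sftp accepts -c since OpenSSH 5.4.
        printf '%s\n' "-c $ciphers"
    else
        # Older sftp: pass the ssh_config directive through -o.
        # It must be Ciphers; Cipher only applies to SSH version 1.
        printf '%s\n' "-oCiphers=$ciphers"
    fi
}

# Usage in a script (the argument is left unquoted on purpose so that
# "-c aes256-ctr" splits into two words):
#   arg=$(sftp_cipher_arg "$(ssh -V 2>&1)" aes256-ctr) || exit 1
#   sftp $arg "${remote_host}"
```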