Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

New-SSHSession not working against certain ciphers

See original GitHub issue

Hi,

I’ve inherited and environment of ESXi hosts where thy are running a special list of ciphers in sshd_config of each ESXi host. The list is below

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512

I cannot establish SSH connection using new-sshsession from posh-ssh 2.3.0, PS 5.1 and Windows 2019 server. As soon as I comment out these lines I am able to connect. Is there anything that can be done for POSH-SSH to support the algo’s above?

Thanks, ionut

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:17 (10 by maintainers)

Top GitHub Comments

1reaction

darkoperatorcommented, Sep 4, 2021

Yes

Sent from my iPhone

On Sep 4, 2021, at 3:44 PM, Peter Bosgraaf @.***> wrote:

Hi,

Not trying to hijack the thread, but I’m facing the same issue and just wanted to check upon this issue. Since posh-ssh 3.0 is out already, did the new ssh.net lib with the new cyphers got included in the final release? In other words, do you feel it should work now?

My esx host supports:

KexAlgorithms ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256

Ciphers @.*** @.*** aes256-ctr aes192-ctr aes128-ctr

MACs hmac-sha2-256 hmac-sha2-512

Most of these cyphers are listed on ssh.net as supported: https://github.com/sshnet/SSH.NET

Thanks!

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

0reactions

mikemayopscommented, Mar 15, 2023

@darkoperator Oh I see. I’ll have to reach out to the vendor then since its cloud hosed. Thanks!

Top Results From Across the Web

Disable weak ciphers on ESXi using PowerCLI

Hi All, Is there a way to disable the weak ciphers on ESXi using PowerCLI ? ... #check status of SSH servcie, start...

How to Troubleshoot SSH Protocol Issues

To resolve this issue, you need to customize the supported ciphers in your SSH client. Solutions. Clearing Out Host Keys from Known Hosts....

13.6 ssh Command Line Options

Specifies one or more (comma-separated) encryption algorithms supported by the client. The cipher used for a given session is the cipher highest in...

SSH: How to disable weak ciphers?

How to disable a weak ssh cipher,100% working tested on Fedora 29. The problem: Nessus report my samba4 server use not strong ciphers...

How to allow or block TLS and SSH ciphers using the ...

DPI-SSL – Cipher X is no longer a part of the TLS context and is not a part of the client advertised ciphers...