Here are some change log entries confirming my suspicion: openssh (1:7.4p1-1) unstable; urgency=medium
* New upstream release (http://www.openssh.com/txt/release-7.4): - ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. openssh (1:7.3p1-1) unstable; urgency=medium * New upstream release (http://www.openssh.com/txt/release-7.3): - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Note that CBC ciphers are disabled by default and only included for legacy compatibility. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1771359 Title: No matching cipher found even if client and server have matching cipher Status in openssh package in Ubuntu: Incomplete Bug description: Since Bionic upgrade (from Artful) I encounter problem to call HP switch with SSH. After the upgrade, trying to ssh some switch give me this message : $ ssh 192.168.0.1 Unable to negotiate with 192.168.0.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,des-cbc So, I look for supported cipher : $ ssh -Q cipher 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-...@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-...@openssh.com aes256-...@openssh.com chacha20-poly1...@openssh.com I see that aes128-cbc seem both supported. So I try... : $ ssh -c aes128-cbc 192.168.0.1 ...and It's work ! Workaround : I've added “ciphers aes128-cbc” to ~/.ssh/config file for each switch I manage. The ssh-client should detect automatically the good cipher ? No ? Thank you for your attention. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssh-client 1:7.6p1-4 ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 CurrentDesktop: GNOME Date: Tue May 15 15:39:00 2018 EcryptfsInUse: Yes ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=fr_FR.UTF-8 SHELL=/bin/bash RelatedPackageVersions: ssh-askpass N/A libpam-ssh N/A keychain N/A ssh-askpass-gnome 1:7.6p1-4 SSHClientVersion: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017 SourcePackage: openssh UpgradeStatus: Upgraded to bionic on 2018-04-24 (21 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771359/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
