Reset Search
 

 

Article

WiNG v5 SYSLOG event "%AUTH-2-CRIT: sshd[25710]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr [preauth]" explanation.

« Go Back

Information

 
TitleWiNG v5 SYSLOG event "%AUTH-2-CRIT: sshd[25710]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr [preauth]" explanation.
Question
WiNG v5 SYSLOG event "%AUTH-2-CRIT: sshd[25710]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr [preauth]" explanation, when SSH fails to establish connection with WiNG5 devices using 3rd party emulator software that supports old/weak ciphers. 
Environment
  • WirelessWiNG
  • WiNG v5
  • WiNG5
  • RFS6010
  • RFS7010
  • RFS4010
  • NX9XXX
  • NX75XX
  • NX75XX-E
  • NX65XX
  • NX45XX
  • NX55XX
  • NX55XX-E
  • AP8432
  • AP8533
  • AP82XX
  • AP8132
  • AP7522
  • AP7532
  • AP7502
  • AP7502-E
  • AP7522-E
  • AP7602
  • AP7622
  • AP7131
  • AP7161
  • AP6521
  • AP6522
  • AP650
  • AP621
  • AP622
Answer
Based on the syslog event referenced for this article, the ciphers for the client are “ aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc”,
which can be seen in the syslog event and the supported server (WiNG5 devices) ciphers are “aes128-ctr,aes192-ctr,aes256-ctr”.

On the ssh client side (3rd party emulator) ensure that supported ciphers are being used. You may need to consult with the 3rd party emulator vendor
documentation/specification sheets and/or upgrade to the latest version of the emulator software. WiNG5 devices do not support CBC ciphers for
SSH because they have security vulnerabilities.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255