SSH Cipher Error for Linux Red Hat

So I'm trying to use PuTTY (v0.5

on Win 7 to get to a Linux Red Hat Enterprise 5.10

PuTTY is throwing the following error:

PuTTY Fatal Error

Couldn't agree a client-to-server cipher (available: aes 128-ctr, aes192-ctr,aes256-ctr)

My /etc/hosts.allow file has my computer IP address in the file

ALL: 143.83.221.108

Under /etc/ssh/ssh_config I have the following entry under Host *

Ciphers aes128-ctr, aes192-ctr, aes256-ctr

And under /etc/sysconfig the iptables has the following entry for my computer

-A INPUT -s 143.83.221.108 -p tcp -m tcp --dport 22 -j ACCEPT

I can successfully ping, traceroute and log in via termainl from VMWare vSphere all ok, so I can reach the box...

I'm not sure what I am missing or what I need to be successful in using PuTTY from my Windows desktop to the Red Hat Linux box.

thanks

Find more posts tagged with

Comments

darkerosxx

Check your server settings in sshd_config.

JockVSJock

I check under /etc/ssh/sshd_config and have the following listed:

#ListenAddress:: 
MACS hmac-sha1 
Ciphers aes128-ctr,aes192-ctr,aes256-ctr

Checked the rest of the file and I don't see anything that really stands out or would point to the issue...

darkerosxx

Ahh, I thought you meant the other ssh_config earlier. I haven't seen this before. Try playing around with your putty settings and flipping a few switches, see if anything gets it to work.

NightShade03

You are a few version behind on PuTTy...the current version 0.63. I would try updating your putty client and then attempt to reconnect.

JockVSJock

Good point.

I will have to talk to my manager and info sec manager and see if I can upgrade PuTTY.

JockVSJock

Haven't upgraded PuTTY yet.

We tested a few of the ip addresses that I can't get to from my desktop, and my co-worker can get to them ok without the cert error.

Could this be a Certificate error?

If so, I'm not sure how to proceed with this. Other then pulling them up on the Windows 7 box (Start > Run > MMC > Add/Remove Snap-In >Certs)

Mitechniq

Oh no, using Putty 5.0 will never work and I hope this is not installed on a DOD network (don't answer that)... It is not until 5.9 where the CTR layer encryption mode was available to Putty....like the previous people have said...'UPDATE' and that should fix your issue...

JockVSJock

Mitechniq wrote: »

Oh no, using Putty 5.0 will never work and I hope this is not installed on a DOD network (don't answer that)... It is not until 5.9 where the CTR layer encryption mode was available to Putty....like the previous people have said...'UPDATE' and that should fix your issue...

The STIG that I found shows that v6.0 is allowed, the only issue now is finding the software. I've got the desktop team looking for it.

Mitechniq

That is the last Version (6.0) we used before we went to SecureCRT, I still have a copy of it if needed. Just PM me and I can send it to you through Army 'Safe Access File Exchange'...

JockVSJock

Mitechniq wrote: »

That is the last Version (6.0) we used before we went to SecureCRT, I still have a copy of it if needed. Just PM me and I can send it to you through Army 'Safe Access File Exchange'...

PM sent.

Thanks in advance.

JockVSJock

Upgrading PuTTY from v5.8 to v6 solved the issue.

thanks