This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: SFTP Cipher Mismatch
- From: Marco Atzeri <marco dot atzeri at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 06 Jan 2015 16:59:01 +0100
- Subject: Re: SFTP Cipher Mismatch
- Authentication-results: sourceware.org; auth=none
- References: <CAARiEzdZwOh8BrB0HpoFZ-Xz5Qcdiy_ARnhHf3jStgOOdRPrug at mail dot gmail dot com>
On 1/6/2015 2:47 PM, Chris Johnston wrote:
Hello,
I am attempting to set up Cygwin for Ciscoâs Disaster Recovery System
(9. 1.2.10000-28) to run SFTP backups through. I have followed this
guide that I found through online searches
(https://supportforums.cisco.com/sites/default/files/legacy/0/3/2/41230-Cygwin%20Setup.pdf)
and think I have everything set up correctly. I can use Filezilla
through port 22 and the user account I set up through the Cygwin
terminal to access the server Iâd like to back up to. However when I
attempt to set up the DRS on Ciscoâs site I get an error message
saying that âUpdate Failed: Unable to access SFTP server. Please
ensure the Username and Password are correct.â
I know what youâre thinking, âThis is a Cisco Question, this guy sent
to the wrong listâ. Well I talked to Cisco TAC and after the run
around they said to reach out to you folks because our CUCM is sending
in aes-128-cbc, whereas Cygwin is replying back with aes-128-ctr,
which they say is a mismatch and causing my problem. I checked my
ssh_config and aes128-cbc is listed under Ciphers. Is there a way to
change how Cygwin is replying? When searching I havenât found a clear
command that lets me change the default. Ciscoâs suggestion was...
To check if aes-128-cbc is enable , go to C:\cygwin\etc\sshd_config
and check if the following line is there:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,aes128-cbc
aes-128-ctr is the first reported on my config
eventually it is used as default;
have you tried to put only a single line
Ciphers aes128-cbc
and check if that works ?
If the line is there make sure you have aes128-cbc in there
...There was not a line specifying aes128-cbc in SSHD_Config, but as I
understand it that means it would go to the default which was in the
SSH_Config, which did include aes128-cbc. Ciscoâs suggestion of copy
and pasting that line in the sshd_config didnât work. Any help would
be greatly appreciated.
All the best,
cojohnst
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple