scp does not honor .ssh/config


I've found the culprit: it was a bash alias I created a few years ago and then forgot:

    alias scp='scp -c arcfour'

Shame on me
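Why the alias won: ssh, scp and sftp take command-line options ahead of ~/.ssh/config, so the `-c arcfour` baked into the alias overrode the `ciphers aes256-ctr` line in the Host block. The script below is an added example, not part of the original answer; it scans `alias` output for ssh/scp/sftp aliases that hard-code `-c`, `-o` or `-F`. The function names and every sample alias except the scp one are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Command-line options beat ~/.ssh/config, so an alias such as
#   alias scp='scp -c arcfour'
# silently overrides the "ciphers" line of the matching Host block.

# find_ssh_overrides: reads `alias` output on stdin and prints
#   <alias name> TAB <forced setting>
# for every ssh/scp/sftp alias that hard-codes -c, -o or -F.
find_ssh_overrides() {
    awk -v q="'" '
    {
        line = $0
        sub(/^alias /, "", line)        # bash prints "alias name=...", dash prints "name=..."
        eq = index(line, "=")
        if (eq == 0) next
        name = substr(line, 1, eq - 1)
        if (name != "ssh" && name != "scp" && name != "sftp") next
        def = substr(line, eq + 1)
        gsub("^" q "|" q "$", "", def)  # strip the surrounding quotes
        n = split(def, tok, " ")
        for (i = 2; i <= n; i++) {      # tok[1] is the command itself
            if (tok[i] == "-c" && i < n) {
                printf "%s\tCiphers=%s\n", name, tok[++i]
            } else if (tok[i] == "-F" && i < n) {
                printf "%s\tconfigfile=%s\n", name, tok[++i]
            } else if (tok[i] == "-o" && i < n) {
                printf "%s\t%s\n", name, tok[++i]
            } else if (tok[i] ~ /^-o./) {
                printf "%s\t%s\n", name, substr(tok[i], 3)
            }
        }
    }'
}

# has_ssh_overrides: exit status 0 if stdin contains at least one override.
has_ssh_overrides() {
    [ -n "$(find_ssh_overrides)" ]
}

# Constructed sample of bash `alias` output; only the scp line is from the thread.
SAMPLE_ALIASES="alias ll='ls -l'
alias scp='scp -c arcfour'
alias ssh='ssh -C -oCiphers=arcfour -F /tmp/alt_config'"

printf '%s\n' "$SAMPLE_ALIASES" | find_ssh_overrides
```

In an interactive shell, run it as `alias | find_ssh_overrides`. Shell functions and wrapper scripts earlier in PATH are not covered by this scan; `type scp` shows those.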

Author by

Andrea de Palo

Updated on September 18, 2022

Comments

  • Andrea de Palo
    Andrea de Palo over 1 year

    For a few years I used arcfour as the default cipher for SSH2 connections in my ~/.ssh/config file

    host namaka
        hostname localhost
        port 2022
        ciphers arcfour
        IdentityFile ~/.ssh/virtualbox
        compression true
        StrictHostKeyChecking no
        user kermit 
    

    After an upgrade to Debian 8 I discovered that this cipher has been disabled in the default ssh configuration, and I was getting the following error

    no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    

    So I changed my ~/.ssh/config to

    host namaka
        hostname localhost
        port 2022
        ciphers aes256-ctr
        IdentityFile ~/.ssh/virtualbox
        compression true
        StrictHostKeyChecking no
        user kermit
    

    (notice the cipher aes256) and now my ssh connections are working again.

    kermit@euroforce:~$ ssh kermit@namaka
    
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Thu Jul 16 00:20:21 2015 from 10.0.2.2
    kermit@namaka:~$ 
    

    Unfortunately I am still getting the no matching cipher error when I try to do an scp

    kermit@euroforce:~$ scp foo  kermit@namaka:/tmp/
    no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    lost connection
    

    It seems scp has cached somewhere the previous cipher and does not want to use the new one.

    Forcing the cipher from command line does work

    kermit@euroforce:~$ scp -c aes256-ctr foo  kermit@namaka:/tmp/foo2
    foo                                                                 100%    0     0.0KB/s   00:00  
    

    Forcing the config file does not work

    kermit@euroforce:~$ scp -C .ssh/config foo  kermit@namaka:/tmp/foo2
    no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    lost connection
    

    Any clue?

    • Mat
      Mat almost 9 years
      The flag to pass a config file is -F, not -C. (Don't know why it's not picking it up by default though.)
    • Wouter Verhelst
      Wouter Verhelst almost 9 years
      Try running scp with -vvv; that should tell you why it does that.
    • Andrea de Palo
      Andrea de Palo almost 9 years
      There you go link: even with -F the result does not change
    • sebix
      sebix almost 9 years
      Why do you want to force the cipher at all? arcfour has been removed for security reasons.
    • Andrea de Palo
      Andrea de Palo almost 9 years
      I want to use a "lightweight" cipher to speed up my connection (especially when forwarding an X session). By the way: I am not asking for help to use arcfour, I am asking why, even though I removed arcfour from my config, scp tries to use it (instead of aes)
  • AndrewS
    AndrewS almost 8 years
    How funny -- turns out I had done the same thing, only for ssh. I added it years ago to speed up local X11 forwarding.
  • Tom Hale
    Tom Hale about 7 years
    Using ~/bin/scp being a symlink to ssh-ident didn't help either.