scp does not honor .ssh/config
6,915
I've found the culprit: it was a bash alias I created a few years ago and then forgot
alias scp='scp -c arcfour'
Shame on me
Related videos on Youtube
Author by
Andrea de Palo
Updated on September 18, 2022Comments
-
Andrea de Palo over 1 year
Used for a few years arcfour as default cipher for SSH2 connection in my ~/.ssh/config file
host namaka hostname localhost port 2022 ciphers arcfour IdentityFile ~/.ssh/virtualbox compression true StrictHostKeyChecking no user kermit
After an upgrade to Debian 8 I have discovered this cipher has been disabled from default ssh configuration and I was getting the following error
no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
So I changed my ~/.ssh/config to
host namaka hostname localhost port 2022 ciphers aes256-ctr IdentityFile ~/.ssh/virtualbox compression true StrictHostKeyChecking no user kermit
(notice the cipher aes256) and now my ssh connection are working again.
kermit@euroforce:~$ ssh kermit@namaka The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Jul 16 00:20:21 2015 from 10.0.2.2 kermit@namaka:~$
Unfortunately I am still getting the no matching cipher error when I try to do an scp
kermit@euroforce:~$ scp foo kermit@namaka:/tmp/ no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] lost connection
It seems scp has cached somewhere the previous cipher and does not want to use the new one.
Forcing the cipher from command line does work
kermit@euroforce:~$ scp -c aes256-ctr foo kermit@namaka:/tmp/foo2 foo 100% 0 0.0KB/s 00:00
Forcing the config file does not work
kermit@euroforce:~$ scp -C .ssh/config foo kermit@namaka:/tmp/foo2 no matching cipher found: client arcfour server aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] lost connection
Any clue?
-
Mat almost 9 yearsThe flag to pass a config file is
-F
, not-C
. (Don't know why it's not picking it up by default though.) -
Wouter Verhelst almost 9 yearsTry running scp with
-vvv
; that should tell you why it does that. -
Andrea de Palo almost 9 yearsThere you go link: even with
-F
the result does not change -
sebix almost 9 yearsWhy do you want to force the cipher at all? arcfour has been removed for security reasons.
-
Andrea de Palo almost 9 yearsI want to use a "lightweight" cipher to speed up my connection (especially when forwarding a X session). By the way: I am not asking help to use arcfour, I am asking why, even if I removed arcfour from my config, scp tries to use it (instead of aes)
-
-
AndrewS almost 8 yearsHow funny -- turns out I had done the same thing, only for ssh. I added it years ago to speed up local X11 forwarding.
-
Tom Hale about 7 yearsUsing
~/bin/scp
being a symlink tossh-ident
didn't help either.