What does this error mean - "No matching CIPHER found"?


Solution 1

It means exactly what it says:

No matching cipher found:

The SSH server you're connecting to cannot or will not support any of the ciphers that your SSH client knows.

client 3des-cbc,blowfish-cbc,arcfour

Your client could use 3DES or Blowfish in CBC mode, or the RC4 stream cipher. All of these are fairly old ciphers, although they're still considered secure if used correctly.

server aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc

The server will only use AES (with any of the three standard key sizes) in CTR or CBC modes. Since your client can't or won't use AES, the server and the client have no ciphers in common. Basically, they don't speak any common language, and so cannot communicate properly.

at /usr/lib/perl5/site_perl/5.8.8/Net/SSH/Perl/SSH2.pm line 92

Based on this part of the error message, it seems that you're using the Net::SSH::Perl module. Alas, according to the documentation, Net::SSH::Perl just plain doesn't support AES, so you're not going to be able to use it to talk to this server (unless AES support is added in some later version, of course). Sorry.

In the comments, you say that you're actually using Net::SFTP, which is then using Net::SSH::Perl internally. If so, you might want to consider switching to either Net::SFTP::Foreign (which has a compatibility wrapper for Net::SFTP) or Net::SSH2::SFTP. The downside (if you consider it such) is that neither of these is a pure-Perl module: Net::SFTP::Foreign requires an external ssh command to be installed, while Net::SSH2::SFTP needs the external libssh2 library.
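The negotiation rule behind this error, as an added example that is not part of the original answer or of Net::SSH::Perl: under RFC 4253 section 7.1 the cipher chosen is the first name on the client's list that the server also lists, and the connection fails when there is none. The function names are hypothetical; the sample message is the one quoted in the question, and the proposed client list is constructed.

```python
import re

# The error text quoted in the question on this page, used as sample input.
SAMPLE_ERROR = (
    "No matching cipher found: client 3des-cbc,blowfish-cbc,arcfour "
    "server aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc "
    "at /usr/lib/perl5/site_perl/5.8.8/Net/SSH/Perl/SSH2.pm line 92"
)

# SSH algorithm names contain no commas or whitespace, so \S+ captures a whole list.
_MISMATCH = re.compile(r"No matching cipher found: client (\S+) server (\S+)")


def parse_cipher_mismatch(message):
    """Return (client_ciphers, server_ciphers) as ordered lists."""
    match = _MISMATCH.search(message)
    if match is None:
        raise ValueError("not a 'No matching cipher found' message")
    return tuple(part.split(",") for part in match.groups())


def negotiate(client_ciphers, server_ciphers):
    """RFC 4253 section 7.1: first name on the client's list that the server lists."""
    offered = set(server_ciphers)
    for name in client_ciphers:
        if name in offered:
            return name
    return None  # no overlap: both sides must disconnect


def diagnose(message, proposed_client_ciphers):
    """Compare the failing client list with a proposed replacement list."""
    client, server = parse_cipher_mismatch(message)
    return {
        "current": negotiate(client, server),
        "proposed": negotiate(proposed_client_ciphers, server),
        "unknown_to_server": [c for c in proposed_client_ciphers if c not in server],
    }


if __name__ == "__main__":
    # Constructed proposal: one legacy name the server rejects, then an AES-CTR name.
    print(diagnose(SAMPLE_ERROR, ["3des-cbc", "aes256-ctr"]))
```

Because the client's ordering decides the outcome, a client list of `aes128-cbc,aes256-ctr` against this server would settle on `aes128-cbc`, not on the server's first entry.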

Solution 2

I am not sure how in Perl the configuration is done, but there is a simple fix if you use the Linux native ssh. Here is the solution:

The Linux ssh client can be configured to use one of the allowed ciphers on the server. One way to do it is to modify ~/.ssh/config with this:

Host gitlab.com
     Ciphers aes256-ctr

I am sure there is similar configuration in the Perl module usage.

Solution 3

This is a message from the Net::SSH::Perl::Kex module. It is generated when the choose_ciph method of a Net::SSH::Perl::Kex object is called. Essentially the client/server dialogue that establishes the parameters of the communication has found no solution that is acceptable to both parties.

If you show your code and can give details of the server system then we can help further.

Author by

Amareesh

Updated on June 06, 2022

Comments

  • Amareesh
    Amareesh almost 2 years

    Although I'm OK in PERL, this below error is new for me and I'm not exactly aware of why it is occurring. Can someone let me understand why this error occurs and how to fix this?
    Is this similar to like some Module is missing?

    No matching cipher found: client 3des-cbc,blowfish-cbc,arcfour server aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc at /usr/lib/perl5/site_perl/5.8.8/Net/SSH/Perl/SSH2.pm line 92
    
  • Borodin
    Borodin almost 9 years
    "The SSH server you're connecting to cannot or will not support any of the ciphers that your SSH client knows" There is more to the key exchange than agreeing on a cipher. "This error comes from the Net::SSH::Perl::SSH2 module". No it doesn't, except indirectly -- you may as well say that the error comes from the OP's program. It is the key exchange module Net::SSH::Perl::Kex that generates this message.
  • Ilmari Karonen
    Ilmari Karonen almost 9 years
    @Borodin: The error message specifically says "No matching cipher found". There certainly is more to SSH connection setup than agreeing on a cipher, but that's what the error is about. As for the source of the message, technically, you're right, but it doesn't really make much difference. What matters is that it's coming from within the Net::SSH::Perl distribution, which, in particular, tells us that the OP is using that module, rather than one of the various other Perl SSH client implementations out there.
  • Borodin
    Borodin almost 9 years
    I mostly agree, but that isn't what you said in your answer which is misleading. If it doesn't make much difference then why did you ascribe it to the wrong module at all?
  • Ilmari Karonen
    Ilmari Karonen almost 9 years
    @Borodin: Because I didn't bother to read the source code, and thus didn't realize that it was produced by a (poorly used) croak instead of a plain old die. Anyway, I already edited my answer to mention the actual source of the message, and even credited you for the correction.