No matching cipher found even if client and server have matching cipher

Asked by Joseph Maillardet on 2018-05-15

Since Bionic upgrade (from Artful) I encounter problem to call HP switch with SSH.

After the upgrade, trying to ssh some switch give me this message :

$ ssh 192.168.0.1
Unable to negotiate with 192.168.0.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,des-cbc

So, I look for supported cipher :

$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
<email address hidden>
aes128-ctr
aes192-ctr
aes256-ctr
<email address hidden>
<email address hidden>
<email address hidden>

I see that aes128-cbc seem both supported. So I try... :

$ ssh -c aes128-cbc 192.168.0.1

...and It's work !

Workaround :

I've added “ciphers aes128-cbc” to ~/.ssh/config file for each switch I manage.

The ssh-client should detect automatically the good cipher ? No ?

Thank you for your attention.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssh-client 1:7.6p1-4
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue May 15 15:39:00 2018
EcryptfsInUse: Yes
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome 1:7.6p1-4
SSHClientVersion: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
SourcePackage: openssh
UpgradeStatus: Upgraded to bionic on 2018-04-24 (21 days ago)

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Last query:
2018-05-15
Last reply:
2018-06-02
Joseph Maillardet (jokx) said : #1

It's not a bug !

Launchpad Janitor (janitor) said : #2

This question was expired because it remained in the 'Open' state without activity for the last 15 days.