I am using the openssh client on windows 10. It usually works fine but there are some machines which won't allow me to connect. As a workaround I can connect to these machines by using another ssh client like putty or teraterm, but I would really like to standardize on the windows ssh client.
Here's what happens:
C\U\t> ssh [email protected]
Unable to negotiate with 10.100.149.86 port 22: no matching cipher found.
Their offer: 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,
cast128-cbc,arcfour,arcfour128,arcfour256
Presumably, this means that the machine I am trying to connect to is expecting only certain types of ciphers, and it has kindly listed them for me.
That (reasonably?) leads me to think I can configure my client to just accept any/all of those ciphers. Googling around I find that I can specify ciphers in my user's ~/.ssh/config
file.
So I create and edit a config file with the following content...
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,cast128-cbc,arcfour,arcfour128,arcfour256
My expectation is that the above line in my ~/.ssh/config will allow my ssh client to work with the ciphers the remote machine is offering.
Does it? No! Here's what happens...
C\U\t> ssh [email protected]
C:\\Users\\someuser/.ssh/config line 1: Bad SSH2 cipher spec '3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,cast128-cbc,arcfour,arcfour128,arcfour256'.
After this I tried various other permutations of the Ciphers
line in my ssh config, omitting some ciphers, replacing "," with " ", etc. Nothing worked.
How can I fix this? I don't understand what is going on.
FWIW, the remote machine is just a terminal server. I suppose I could update its firmware but I would rather not mess around with that unless I have to. I only know that ssh encrypts communication, the actual cipher names are just gibberish to me. I understand that some are stronger than others but it is too much of a rabbit-hole to go down when I just want to get my work done.