User Tools

Site Tools


aix:aix_ssh_howto

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
aix:aix_ssh_howto [2024/08/09 20:58]
manu [Disable SSH prompt]
aix:aix_ssh_howto [2025/01/15 23:25] (current)
manu [List ciphers and Macs on client]
Line 294: Line 294:
 </​cli>​ </​cli>​
  
 +==== Add timeout ====
 +
 +If an host doesn'​t answer, the timeout will stop the connexion
 +<cli prompt='#'>​
 +#  ssh -o ConnectTimeout=10 $i uname
 +</​cli>​
 ==== Boost ssh connection ==== ==== Boost ssh connection ====
  
Line 309: Line 315:
 sys    0m0.00s sys    0m0.00s
 </​cli>​ </​cli>​
 +
 +
 +==== Bad cipher or MAC ====
 +
 +I can specify the cipher and the MAC:
 +  ssh <​user@ip>​ -c aes256-cbc -m hmac-sha1
 +
  
 ==== no matching host key type found ==== ==== no matching host key type found ====
Line 355: Line 368:
 </​code>​ </​code>​
  
-==== Disable SSH prompt ​====+==== Error: hostfile_replace_entries ​====
  
  
Line 376: Line 389:
  
 Use ssh command with **-t** option Use ssh command with **-t** option
 +
 +==== SCP Connection closed ==== 
 +
 +Use the option **-O** tells SCP to use legacy SCP protocol for file transfers
 +<cli prompt='#'>​
 +[root@aix001]/​root/​scripts#​ scp  count_path.sh padmin@vios01:/​tmp
 +scp: Connection closed
 +[root@aix001]/​root/​scripts#​ scp -O  count_path.sh padmin@vios01:/​tmp
 +count_path.sh ​                                       100% 1972     ​1.9MB/​s ​  00:00
 +</​cli>​
 +
 +**Note:** Since OpenSSH 8.8 the scp utility uses the SFTP protocol by default. The -O option must be used to use the legacy SCP protocol.
 +
 +==== List ciphers and Macs on client ==== 
 +
 +
 +  * Ciphers: ssh -Q cipher
 +  * MACs: ssh -Q mac
 +  * KexAlgorithms:​ ssh -Q kex
 +  * PubkeyAcceptedKeyTypes:​ ssh -Q key
 +
 +You can also remotely probe a ssh server for its supported ciphers with recent nmap versions:
 +<cli prompt='#'>​
 +# nmap --script ssh2-enum-algos -sV -p <​port>​ <​host>​
 +</​cli>​
 +
 +<cli prompt='#'>​
 +[root@vios]/​etc/​ssh#​ ssh -Q cipher
 +3des-cbc
 +aes128-cbc
 +aes192-cbc
 +aes256-cbc
 +aes128-ctr
 +aes192-ctr
 +aes256-ctr
 +aes128-gcm@openssh.com
 +aes256-gcm@openssh.com
 +chacha20-poly1305@openssh.com
 +
 +[root@vios]/​etc/​ssh#​ ssh -Q mac
 +hmac-sha1
 +hmac-sha1-96
 +hmac-sha2-256
 +hmac-sha2-512
 +hmac-md5
 +hmac-md5-96
 +umac-64@openssh.com
 +umac-128@openssh.com
 +hmac-sha1-etm@openssh.com
 +hmac-sha1-96-etm@openssh.com
 +hmac-sha2-256-etm@openssh.com
 +hmac-sha2-512-etm@openssh.com
 +hmac-md5-etm@openssh.com
 +hmac-md5-96-etm@openssh.com
 +umac-64-etm@openssh.com
 +umac-128-etm@openssh.com
 +</​cli>​
 +
 +==== Connection slow ====
 +
 +Check using **ssh -vvv <​hostname>​**,​ if it hangs on 
 +  debug1: Next authentication method: gssapi-with-mic
 +
 +Change the following parameter in the file **/​etc/​ssh/​sshd_config**
 +    GSSAPIAuthentication no
 +  ​
 +FIXME On some new Linux versions, check also the files located in the folder **/​etc/​ssh/​sshd_config.d/​**
  
aix/aix_ssh_howto.1723229889.txt.gz ยท Last modified: 2024/08/09 20:58 by manu