Please note that VisualCron support is not actively monitoring this community forum. Please use our contact page for contacting the VisualCron support directly.


GDC IT Support
2019-05-23T08:51:28Z
Hello @ Support,
due to security reasons we've hardened our servers - but in VisualCron the ciphers are too weak and we don't get a connection anymore.
Are there any possibilities to add ciphers like
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
AES128-SHA
or stronger?

Actually I get an error: Ssh Session To 172.x.x.x Unsuccessful (Ssh client error code : 7) which is:
ERROR_SSH_UNSUPPORTED_CIPHER 7 (0x0007) There is no cipher supported by both: client and server

Regards, Martin
Sponsor
Forum information
Support
2019-05-24T15:02:25Z
You can change Encryption ciphers in the Connection->Encryption tab.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
GDC IT Support
2019-05-27T06:45:49Z
In a SSH connection there are no hardened ciphers available. In a FTP TLS connection there are a couple of ECDHE-RSA or DHE-RSA ciphers, but in a SSH only some weak 3des, aes or serpent and twofish.

Regards, Martin
Support
2019-05-27T13:00:05Z
Originally Posted by: GDC IT Support 

In a SSH connection there are no hardened ciphers available. In a FTP TLS connection there are a couple of ECDHE-RSA or DHE-RSA ciphers, but in a SSH only some weak 3des, aes or serpent and twofish.

Regards, Martin



I am not sure what you mean, you have 100s of ciphers available for setting in the Connection. For example AES256 which should be more than enough.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
GDC IT Support
2019-05-29T11:42:46Z
Support
2019-05-29T12:58:15Z
We got it but is not AES256 enough for you? What are you searching for?
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
GDC IT Support
2019-05-29T14:17:47Z
We're using network appliances which require ECDHE-RSA-AES128-SHA or DHE-RSA-AES128-SHA or stronger.
And I have to accept, that visualcron does not fulfill this.
Regards, Martin
Support
2019-05-30T12:40:38Z
Originally Posted by: GDC IT Support 

We're using network appliances which require ECDHE-RSA-AES128-SHA or DHE-RSA-AES128-SHA or stronger.
And I have to accept, that visualcron does not fulfill this.
Regards, Martin



We definitely support stronger. But it would be interesting to see if you used FileZilla to connect to this server what encryption algorithm it would select. Turn on Verbose debugging and connect. Then send the output to support@visualcron.com
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
GDC IT Support
2019-05-31T13:38:29Z
Hello Henrik,

Testing with Filezilla makes no sense. Because I dont want to connect using SFTP (aka SSH File Transport Protocol) and transfer some files. I want to connect with SSH and execute some commands on the remote server.

Putty connects without any probs:
Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT)
Incoming packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT)
Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Outgoing packet #0x1, type 30 / 0x1e (SSH2_MSG_KEX_ECDH_INIT)
Incoming packet #0x1, type 31 / 0x1f (SSH2_MSG_KEX_ECDH_REPLY)
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Incoming packet #0x2, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Outgoing packet #0x3, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
Incoming packet #0x3, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
Outgoing packet #0x4, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
...

Any hints?
Regards, Martin
Support
2019-06-03T13:37:57Z
Originally Posted by: GDC IT Support 

Hello Henrik,

Testing with Filezilla makes no sense. Because I dont want to connect using SFTP (aka SSH File Transport Protocol) and transfer some files. I want to connect with SSH and execute some commands on the remote server.

Putty connects without any probs:
Outgoing packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT)
Incoming packet #0x0, type 20 / 0x14 (SSH2_MSG_KEXINIT)
Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Outgoing packet #0x1, type 30 / 0x1e (SSH2_MSG_KEX_ECDH_INIT)
Incoming packet #0x1, type 31 / 0x1f (SSH2_MSG_KEX_ECDH_REPLY)
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Incoming packet #0x2, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Outgoing packet #0x3, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
Incoming packet #0x3, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
Outgoing packet #0x4, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
...

Any hints?
Regards, Martin



The reason we suggested filezilla was because we know that it produces the right output. But this should work as well.

Encryption algorithm:
AES256 CTR

MAC algorithm:
HMAC-SHA2-256

KEX Algorithm:
ECDH-SHA2-CURVE25519
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
Users browsing this topic
Scroll to Top