Hi,
Our most of servers are on Solaris 11.2 (with no SRU). Recently I upgraded one of them to Solaris 11.4. It has to go in multiple steps, as it can not jump fro 11.2 to 11.4 in one go. After upgrading, I can not login to server with SecureCRT and it through error
key exchange failed: cipher not compatible
One of the link on internet tells me about SecureCRT that I have:
AES-128
AES-192
AES-256
But it is looking for :
AES-128-CTR
AES-192-CTR
AES-256-CTR
I noticed that SSH was upgraded on server (Sun_SSH_2.2 to OpenSSH_7.7p1) and latest update of Oracle says "The default set of ciphers and MACs has been altered to remove unsafe algorithms. You can use the following commands to list all supported ciphers". and here is output:
# ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
#
That means my SecureCRT is old and not compatible with current solaris version. Due to management budget issues, it may probably take some time to spend money on getting latest SecureCRT.
- Is there any bypass/alternate, which should be be used to login for time-being ?
Any advice would be helpful for me to read further.
Thanks