Thursday, October 30, 2014

SSH - no matching cipher found

Edit: Please do your research, this may re-introduce vulnerable ciphers -- i don't have time to be safe. lmao.  
Please reference https://stribika.github.io/2015/01/04/secure-secure-shell.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After a recent update of either Debian testing (Jessie) or OSX (Mavericks), I could no longer SSH from OSX into my Debian testing boxes.
I really don't know which OS update was at fault, but when I tried to SSH into my Debian testing boxes, i received the following message:
no matching cipher found: client blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
I can't have that -- my daughter needed to play on the minecraft server and she NEEDED TO PLAY NOW!
What this told me is that that my client (OSX) expected blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc but my server (Debian) supported aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
That sucks; stupid computer! (Wow, had not said that once since leaving Windows®)
Via web searches, I found that I could force a cipher like so: ssh -c aes128-ctr username@hostname so i did successfully. (I could just as well used ssh -c none username@hostname, but that's risky)
Once logged into my Debian box(es), I edited the ssh daemon config:
sudo nano /etc/ssh/sshd_config
and added the following to the bottom:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
As you can see, since I didn't know if there is an order of preference or not, I erred on the safe side and added the previously supported server ciphers before the client's expected ciphers.
Afterward I had to restart and verify the SSH Daemon:
sudo service sshd restart ; sudo service sshd status
On my OSX client, I tried to SSH and it complained WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! .. Oh my lord the world will end.
An easy fix was ssh-keygen -R hostname, where hostname was my Debian's hostname or IP obviosuly.
Now it worked as expected (and should have never failed in the first place).
-end-
But Daddy, you forgot the minecraft server... START THE MINECRAFT SERVER NOW!
~~~
As always, good luck!

Please comment or tip me or use any/all of my affiliate links; Thank YOU!








Coolest nerd tech ever:

 http://amzn.to/2BFbtM5



Thursday, October 2, 2014

git pull all your .gits

I'll provide this commandline with the terms that I am not responsible for any screw-ups due to it. (caveat: if your local repo specifies to merge, it will attempt merge or maybe warn.)


Find all your .gits and git pull each project:
find ~/ -type d -name ".git" -exec git -C '{}/..' pull \;

If you prefer to actually see which are updating, try:
find ~/ -type d -name ".git" -exec echo "{}" \; -exec git -C '{}/..' pull \; -exec echo "" \;

good luck!
---