Thursday, October 30, 2014

SSH - no matching cipher found

Edit: Please do your research, this may re-introduce vulnerable ciphers -- i don't have time to be safe. lmao.  
Please reference

After a recent update of either Debian testing (Jessie) or OSX (Mavericks), I could no longer SSH from OSX into my Debian testing boxes.
I really don't know which OS update was at fault, but when I tried to SSH into my Debian testing boxes, i received the following message:
no matching cipher found: client blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr,,,
I can't have that -- my daughter needed to play on the minecraft server and she NEEDED TO PLAY NOW!
What this told me is that that my client (OSX) expected blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc but my server (Debian) supported aes128-ctr,aes192-ctr,aes256-ctr,,,
That sucks; stupid computer! (Wow, had not said that once since leaving Windows®)
Via web searches, I found that I could force a cipher like so: ssh -c aes128-ctr username@hostname so i did successfully. (I could just as well used ssh -c none username@hostname, but that's risky)
Once logged into my Debian box(es), I edited the ssh daemon config:
sudo nano /etc/ssh/sshd_config
and added the following to the bottom:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,,,,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
As you can see, since I didn't know if there is an order of preference or not, I erred on the safe side and added the previously supported server ciphers before the client's expected ciphers.
Afterward I had to restart and verify the SSH Daemon:
sudo service sshd restart ; sudo service sshd status
On my OSX client, I tried to SSH and it complained WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! .. Oh my lord the world will end.
An easy fix was ssh-keygen -R hostname, where hostname was my Debian's hostname or IP obviosuly.
Now it worked as expected (and should have never failed in the first place).
But Daddy, you forgot the minecraft server... START THE MINECRAFT SERVER NOW!
As always, good luck!

Please comment or tip me or use any/all of my affiliate links; Thank YOU!

Coolest nerd tech ever:

Thursday, October 2, 2014

git pull all your .gits

I'll provide this commandline with the terms that I am not responsible for any screw-ups due to it. (caveat: if your local repo specifies to merge, it will attempt merge or maybe warn.)

Find all your .gits and git pull each project:
find ~/ -type d -name ".git" -exec git -C '{}/..' pull \;

If you prefer to actually see which are updating, try:
find ~/ -type d -name ".git" -exec echo "{}" \; -exec git -C '{}/..' pull \; -exec echo "" \;

good luck!