Hello, Thanks everyone for your responses. I got to give this one to Vandyke they got it. What I did was uninstalled my version of SecureCRT and installed the 8.5.4 demo, worked fine. Here's the thing, my original user-profile stored security settings stayed the same, so 8.5.4 used my previously-working config without making a new one. The solution was in my case to shutdown SecureCRT, and rename %appdata%\vandyke\config to a backup folder name, then restart SecureCRT, it then acted as if the config folder had never been made and set it up, with the more up-to-date protocol settings. Thanks again. Dave. On 6/4/19, Chris Nestrud <ccn@chrisnestrud.com> wrote:
Before you connect with SecureCRT, go to the file menu and enable "Trace Options". When you try to connect, this should show the protocol negotiation in your buffer. If the important information isn't visible, you can use the Edit menu to copy the buffer to the clipboard then paste into notepad for easier review. Reviewing this information may give a clue as to why SecureCRT is unable to connect.
Chris
On Mon, Jun 03, 2019 at 11:11:08PM -0400, David Mehler wrote:
Hello,
It's been a long day, so apologies if this message has already been sent, or I might have just thought about doing so.
To any users of SecureCRT 8.x.x 8.5.4 would be best, but i'll take anyone running any 8.x version, and who is connecting to a Linux/Unix Openssh 7.6 to 7.8 server, again 7.8 prefered, I've got a security question for you. What does your configuration on SecureCRT look like and the server configuration your connecting to? I'm trying to get the below working with SecureCRT. This is a snipet of my sshd configuration:
# Modern configuration HostKey /etc/ssh/ssh_host_ed25519_key HostKeyAlgorithms ssh-ed25519 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 # also added curve25519-sha256 didn't solve the issue MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
# Ciphers and keying Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
Whenever I have this configuration enabled and atempt to connect with SecureCRT 8.5.4, I get a message that a key exchange algorithm could not be established and it shows the algorithms the server supports, the entries in the KexAlgorithm line above. Now googling led me to this faq which tells me that the above key exchange algorithms should most definitely be working:
https://forums.vandyke.com/showthread.php?t=13272
On the Securecrt side: under edit default session, ssh2, key exchange list box unmodified under edit default session, ssh2, advanced, cipher listbox, mac listbox, both unmodified
I am perplexed. I'm trying to tighten down my sshd configuration make it use more modern Ciphers, Protocols, Macs, and key exchanges. I'm using this as a guide only:
https://stribika.github.io/2015/01/04/secure-secure-shell.html
if anyone has this specific configuration going, or has suggestions on securing/hardening/tightening please let me know.
Thanks. Dave.
On 6/3/19, Andrew Hodgson <andrew@hodgson.io> wrote:
Hi,
They've also included Curl!
Andrew.
-----Original Message----- From: Billy Irwin <billy.irwin@outlook.com> Sent: 03 June 2019 20:42 To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Windows ssh Client
Guys,
I thought I would also share that scp is in the command prompt as well. It is nice that this is included now. I still like WinSCP too though.
Best,
billy
-----Original Message----- From: Simon Eigeldinger <simon.eigeldinger@vol.at> Sent: Sunday, June 2, 2019 12:28 PM To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Re: Windows ssh Client
Hi Dave,
They basically compiled OpenSSH to windows. In the old days i did that myself. though they seem to use an older version of LibreSSL.
Greetings, Simon
Am 02.06.2019 um 16:41 schrieb David Mehler:
Hello Everyone,
Thanks for your replies. Honestly I've never had a lot of success using Putty, getting it to focus or track what i'm doing especially in a file I'm trying to edit, this is a welcome change.
Is this client Microsoft's own implementation or did they bundle Openssh with windows? And can it handle multiple authentication types, public key, password etc
Thanks. Dave.
On 6/2/19, Andrew Hodgson <andrew@hodgson.io> wrote:
Hi,
I didn't know about this either, but it comes with Windows now either with version 1809 or 1903. Won't be using Putty from now on.
Andrew.
-----Original Message----- From: David Mehler <dave.mehler@gmail.com> Sent: 01 June 2019 15:16 To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Windows ssh Client
Hi,
What built in ssh client?
Thanks. Dave.
On 6/1/19, Bill Dengler <codeofdusk@gmail.com> wrote:
What about the built-in ssh client?
Bill
Sent from my iPhone
> On Jun 1, 2019, at 09:04, David Mehler <dave.mehler@gmail.com> > wrote: > > Hello, > > I'm using SecureCRT Version 6.2.3, I know that's quite old, but > until I went and atempted to harden my vps server's Openssh 7.8 > setup it worked fine. This version does not support the more > modern/advanced cryptographic hashes, macs, and kex algorithms. This > I > need to change. > > I've tried SecureCRT 8.x but I've found it not accessible and also > does not support the secure setup I'm wanting. > > Is Tteraterm accessible/does it support secure ciphers? > > Thanks. > Dave. > _______________________________________________ > Blind-sysadmins mailing list -- > blind-sysadmins@lists.hodgsonfamily.org > To unsubscribe send an email to > blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
--- Diese E-Mail wurde von Avast Antivirus-Software auf Viren gepr??ft. https://www.avast.com/antivirus _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org