SSH Access With OpenSSH 7.6.p1

Asset ID:	1-72-2354923.1
Update Date:	2018-04-09
Keywords:

Solution Type Problem Resolution Sure

Solution 2354923.1 : SSH Access With OpenSSH 7.6.p1

Applies to:

Acme Packet 6300 - Version E-Cz7.3.0 and later
Information in this document applies to any platform.

Symptoms

After upgrading Open SSH client to 7.6p1, no longer able to SSH into the SBC with "user" or "admin" accounts.

Cause

OpenSSH 7.6p1 that will not take keys less than 1024.

https://www.openssh.com/releasenotes.html

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

* ssh(1): delete SSH protocol version 1 support, associated
configuration options and documentation.

* ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.

* Refuse RSA keys <1024 bits in length and improve reporting for keys
that do not meet this requirement.

* ssh(1): do not offer CBC ciphers by default.

Solution

The SBC has both DSA and RSA keys to offer up. In the macOS client, enable the use of DSA which is disabled by default. Adding the following to the client user's .ssh_config file;

Example;

Host 1.2.3.4
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
HostKeyAlgorithms=ssh-dss

that client configuration file would be one of the following:

1. user's configuration file (~/.ssh/config)
2. system-wide configuration file (/etc/ssh/ssh_config)

Goal

Allow MacOS client to access SBC via SSH using DSA key

Attachments

This solution has no attachment