Showing entries with tag "SSH".


SSH to hosts with older ciphers

We have some older Cisco equipment that runs SSH with some untrusted ciphers. Specifically, the key exchange is still using SHA-1, which modern Linux distributions have deprecated. You may see something like this:

Unable to negotiate with 234.234.234.234 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

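You can work around this by putting the following in your ~/.ssh/config. The Host line limits the exception to that one device, and the + prefix appends the algorithm to the client's defaults instead of replacing them: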

Host 234.234.234.234
    KexAlgorithms +diffie-hellman-group1-sha1

Borrowed from StackExchange.


SSH: Transferring large files between hosts

I need to transfer several 10+ gigabyte files between two internal Linux hosts. The easiest way is to use either scp or sftp. This will encrypt the transfer, which can slow things down. There are several ciphers available that you can use to speed things up. Using modern OSs (Fedora 27, CentOS 7, FreeNAS 11), I wanted to find the best cipher to standardize on. The fastest cipher supported by all of my operating systems is aes128-gcm@openssh.com.

You can use aes128-gcm@openssh.com with scp and sftp like this:

scp -c aes128-gcm@openssh.com /source/file user@domain.com:/destination/dir
sftp -c aes128-gcm@openssh.com user@domain.com

To use an alternate cipher with rsync use this command:

rsync -avP --rsh="ssh -c aes128-gcm@openssh.com" /source/dir user@domain.com:/destination/dir

Honorable mention goes to aes128-ctr as the second-place contender. If for whatever reason aes128-gcm@openssh.com isn't available, it would make a good alternate choice.


SSH: Batch mode for SSH/SCP scripting

SSH is great for scripting file transfers between two trusted hosts when you're using SSH keys. If you are using SSH keys to automate SSH commands, you will want to make sure your SSH commands are using BatchMode. With BatchMode enabled, the SSH connection will fail immediately if the key is rejected, instead of falling back to a password prompt. This will prevent your scripts from "hanging" while they wait for you to type a password.

ssh -o BatchMode=true user@domain.com
scp -q -o BatchMode=true /source/file user@domain.com:/tmp/
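
An added example, not from the original post: a POSIX shell wrapper that runs one command on several hosts with BatchMode and separates an SSH-level failure (exit status 255, for example a rejected key or an unreachable host) from a remote command that ran and failed. The function names and the ConnectTimeout value are assumptions.

```shell
#!/bin/sh
# Added example (not the post's own code). Function names are hypothetical.

# Run a remote command with key-only, non-interactive authentication.
# Exit status: the remote command's status, or 255 if ssh itself failed
# (key rejected, host unreachable, connect timeout).
batch_ssh() {
    host=$1; shift
    # ConnectTimeout=10 is an assumed value; BatchMode alone does not
    # bound the time spent waiting on an unresponsive host.
    ssh -o BatchMode=true -o ConnectTimeout=10 "$host" "$@"
}

# Map an exit status to a label a cron job or log line can carry.
classify() {
    case $1 in
        0)   echo ok ;;
        255) echo ssh-failed ;;
        *)   echo remote-command-failed ;;
    esac
}

# Usage: run_on_hosts 'command' host1 host2 ...
# Prints one tab-separated line per host and returns the number of
# hosts that did not finish with status 0.
run_on_hosts() {
    cmd=$1; shift
    failed=0
    for host in "$@"; do
        rc=0
        # stdin from /dev/null so ssh cannot consume the script's input
        batch_ssh "$host" "$cmd" </dev/null >/dev/null 2>&1 || rc=$?
        status=$(classify "$rc")
        printf '%s\t%s\t(exit %s)\n' "$host" "$status" "$rc"
        [ "$status" = ok ] || failed=$((failed + 1))
    done
    return "$failed"
}

# When called with a command and at least one host, run it.
if [ "$#" -ge 2 ]; then
    run_on_hosts "$@"
fi
```

A host reported as ssh-failed is the case BatchMode exists for: without it, the same run would stop at a password prompt instead of returning 255.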