AnsweredAssumed Answered

ssh xCat (zLinux) with aes 256 ctr - class java.io.IOException

Question asked by Poyato on Mar 24, 2017
Latest reply on Mar 27, 2017 by MWNiebuhr

I am trying to connect the server with a Cipher Encryption (aes128-ctr, aes192-ctr, aes256-ctr).
IBM recommendation was not inserted into blowfish-cbc or 3des-cbc.
PAM ssh connector does not connect to server returning the error

 

Unable to connect to the remote SSH host. class java.io.IOException The socket is EOF

If the client (PAM) connects to the host (xCAT) through PLINK (putty) everything happens normally:

C:\Program Files (x86)\PuTTY>plink -v 172.1.1.8
Looking up host "172.1.1.8"
Connecting to 172.1.1.8 port 22
Server version: SSH-2.0-OpenSSH_6.2
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is: ssh-rsa 2048 b7:22:77:a6:4c:26:e1:b2:c8:6a:91:ab:4d:2c:84:fc
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
login as: root
Using SSPI from SECUR32.DLL
Attempting GSSAPI authentication
GSSAPI authentication request refused
root@172.1.1.8's password:
Sent password Access granted Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Thu Mar 23 15:54:31 2017 from 10.8.4.46

/etc/ssh/sshd_config from server xCat:
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha1,hmac-sha2-256
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
UseDNS no
Subsystem       sftp    /usr/libexec/openssh/sftp-server

 

 

Outcomes