IT Process Automation

 View Only
Expand all | Collapse all

ssh xCat (zLinux) with aes 256 ctr - class java.io.IOException

Jump to Best Answer
  • 1.  ssh xCat (zLinux) with aes 256 ctr - class java.io.IOException

    Posted Mar 24, 2017 10:18 AM

    I am trying to connect the server with a Cipher Encryption (aes128-ctr, aes192-ctr, aes256-ctr).
    IBM recommendation was not inserted into blowfish-cbc or 3des-cbc.
    PAM ssh connector does not connect to server returning the error

     

    Unable to connect to the remote SSH host. class java.io.IOException The socket is EOF

    If the client (PAM) connects to the host (xCAT) through PLINK (putty) everything happens normally:

    C:\Program Files (x86)\PuTTY>plink -v 172.1.1.8
    Looking up host "172.1.1.8"
    Connecting to 172.1.1.8 port 22
    Server version: SSH-2.0-OpenSSH_6.2
    Using SSH protocol version 2
    We claim version: SSH-2.0-PuTTY_Release_0.63
    Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-256
    Host key fingerprint is: ssh-rsa 2048 b7:22:77:a6:4c:26:e1:b2:c8:6a:91:ab:4d:2c:84:fc
    Initialised AES-256 SDCTR client->server encryption
    Initialised HMAC-SHA-256 client->server MAC algorithm
    Initialised AES-256 SDCTR server->client encryption
    Initialised HMAC-SHA-256 server->client MAC algorithm
    login as: root
    Using SSPI from SECUR32.DLL
    Attempting GSSAPI authentication
    GSSAPI authentication request refused
    root@172.1.1.8's password:
    Sent password Access granted Opening session as main channel
    Opened main channel
    Allocated pty (ospeed 38400bps, ispeed 38400bps)
    Started a shell/command
    Last login: Thu Mar 23 15:54:31 2017 from 10.8.4.46

    /etc/ssh/sshd_config from server xCat:
    Protocol 2
    SyslogFacility AUTHPRIV
    PermitRootLogin yes
    PermitEmptyPasswords no
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    Ciphers aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512,hmac-sha1,hmac-sha2-256
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    X11Forwarding yes
    UseDNS no
    Subsystem       sftp    /usr/libexec/openssh/sftp-server

     

     



  • 2.  Re: ssh xCat (zLinux) with aes 256 ctr - class java.io.IOException
    Best Answer

    Broadcom Employee
    Posted Mar 27, 2017 01:41 PM

    I am not sure what the question or problem is here, but I can state that we have removed the Blowfish requirement for SSH connections in Process Automation version 4.3 SP1 with Hot Fix 1.

     

    If you would like HF01 for 4.3 SP1 please open a support ticket.