I'm running Kali Linux with ssh -V of OpenSSH_7.7p1 Debian-3, OpenSSL 1.0.2o 27 Mar 2018. I tried to SSH to a server (a hacking challenge) and got the response Unable to negotiate with ********* port 22: no matching cipher found. Their offer: 3des-cbc,blowfish-cbc,cast128-cbc,idea-cbc.
I've tried editing my /etc/ssh/ssh_config file to add one of those four to my Ciphers listing, but the I got the message /etc/ssh/ssh_config line 38: Bad SSH2 cipher spec 'aes128-cbc,blowfish-cbc'.
I've also tried specifying a Cipher with -c, eg ssh ********* -c blowfish-cbc, but then I get Unknown cipher type 'blowfish-cbc'.
Interestingly, when I tried -c with 3des-cbc, I actually got a different response:
ssh ********* -c 3des-cbc
Received disconnect from ********* port 22:2: Handshake failed
Disconnected from ********* port 22
Am I correct in thinking that my late version of SSH doesn't allow using those ciphers? And how would I get around that?
Update: I've been asked to clarify how this isn't a duplicate of this question. The solution given there was to update the server's config, which is obviously not an option available to me here. Also, there, the -c option was working, and the only question was why it was neccesary, whereas here it doesn't appear to be.
However, I did learn from there the ssh -Q cipher command, which does in fact respond that my ssh client supports 3des-cbc, though not the other 3. This might imply that in fact -c 3des-cbc is the right approach, and I just need to debug it further to discover why the handshake fails. So maybe it does contain my answer, albeit very indirectly.
Would that work as an attack on the server itself,.... It wouldn't be fun to give away too many details... it's a challenge, right? ... Have a look at cbc
– RubberStamp Nov 16 '18 at 16:39