Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-72-1454433.1
Update Date:2012-08-16

Solution Type  Problem Resolution Sure

Solution  1454433.1 :   Sun Storage 7000 Unified Storage System: sshd 'common cipher' messages clutter the log files.  


Related Items
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7410 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun ZFS Storage 7320
  • Sun ZFS Storage 7420
  • Sun Storage 7110 Unified Storage System
  • Sun Storage 7210 Unified Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS


Logs can be cluttered with sshd messages caused by a conflict with clients that use old ssh ciphers.

In this Document
Symptoms
Cause
Solution


Created from <SR 3-4760100601>

Applies to:

Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.
One might see many logs such as:

Apr 14 08:53:55 my-nas-box-1 sshd[8286]: [ID 800047 auth.crit] fatal: Client and server could not agree on a common cipher: client "aes128-cbc,twofish192-cbc,cast128-cbc,twofish256-cbc,twofish128-cbc,3des-cbc,blowfish-cbc,aes256-cbc,aes192-cbc", server "aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour". The server cipher list can be controlled using the "Ciphers" option, see sshd_config(4) for more information.

among the logs in a Series 7000 NAS Appliance.

These messages are logged because ssh clients connecting to the 7000 box are using old ssh ciphers.
Since 7000 boxes do not use the old ciphers, a conflict arises, hence the log messages. However, the messages are harmless despite their numbers.

Symptoms

One can see messages such as the following in the logs:

 Apr  14 08:53:55 my-nas-box-1 sshd[8286]: [ID 800047 auth.crit] fatal: Client and server could not agree on a common cipher: client "aes128-cbc,twofish192-cbc,cast128-cbc,twofish256-cbc,twofish128-cbc,3des-cbc,blowfish-cbc,aes256-cbc,aes192-cbc", server "aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour". The server cipher list can be controlled using the "Ciphers" option, see sshd_config(4) for more information.

Cause

These messages are logged because the clients are using old ciphers which are not compatible with the new ciphers used by the appliance boxes.

As the log message also shows, the ciphers accepted by a 7000 box are: aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256 and arcfour

In the example above, the client is using old ciphers: aes128-cbc,twofish192-cbc,cast128-cbc,twofish256-cbc,twofish128-cbc,3des-cbc,blowfish-cbc,aes256-cbc,aes192-cbc

Therefore, the two lists do not match, hence the error.
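
The comparison described above can be automated when triaging a noisy log. The following is an added example, not part of the original document: it parses messages in the format quoted in this article, confirms that the two cipher lists share nothing, and counts failures per distinct client offer. All function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter
# Negotiation failure in the format of the message quoted in this article.
FAILURE = re.compile(
    r'(?P<host>\S+) sshd\[\d+\]: .*could not agree on a common cipher: '
    r'client "(?P<client>[^"]*)", server "(?P<server>[^"]*)"')

def _split(s):
    return tuple(c.strip() for c in s.split(",") if c.strip())

def parse_failure(line):
    """Return (host, client_ciphers, server_ciphers), or None for other lines."""
    m = FAILURE.search(line)
    if m is None:
        return None
    return m.group("host"), _split(m.group("client")), _split(m.group("server"))

def common_ciphers(client, server):  # in client order; empty means failure
    return [c for c in client if c in server]

def cbc_only(client):  # True when every offered cipher is a CBC-mode cipher
    return bool(client) and all(c.endswith("-cbc") for c in client)

def summarize(lines):
    """Count failures per (host, client offer) to group the noise by client setup."""
    counts = Counter()
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            counts[parsed[:2]] += 1
    return counts

# Sample input: first line mirrors the article (tail omitted), the rest are constructed.
SERVER = "aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour"
OLD = ("aes128-cbc,twofish192-cbc,cast128-cbc,twofish256-cbc,twofish128-cbc,"
       "3des-cbc,blowfish-cbc,aes256-cbc,aes192-cbc")
TEMPLATE = ('Apr 14 {t} my-nas-box-1 sshd[{pid}]: [ID 800047 auth.crit] fatal: '
            'Client and server could not agree on a common cipher: '
            'client "{c}", server "' + SERVER + '".')
SAMPLE = [
    TEMPLATE.format(t="08:53:55", pid=8286, c=OLD),
    TEMPLATE.format(t="08:58:55", pid=8301, c=OLD),
    TEMPLATE.format(t="09:02:10", pid=8340, c="3des-cbc,blowfish-cbc"),
    "Apr 14 09:03:00 my-nas-box-1 sshd[8350]: unrelated message",
]

if __name__ == "__main__":
    for (host, offer), n in summarize(SAMPLE).most_common():
        print(n, host, "cbc-only" if cbc_only(offer) else "mixed", ",".join(offer))
```

A small number of distinct offers repeated many times points to a few clients retrying on a schedule rather than many separate clients.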

Solution

Ignore the messages if the clients are not accessing the 7000 box.

If they do need to ssh to the box, upgrade the clients so that they too use new ssh ciphers when connecting to the 7000 box.


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.