This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hello Guys and Gals,
I have a question in regards to supported ISE Ciphers...
To make a long story short we are unable to save to our repository since we migrated over to our new Toolbox Server. The TAC engineer stated that ciphers were at fault here so we are asking if ISE supports the following ciphers:
srmcucsisepanad01/admin# ssh 10.32.3.11 NetOpsFTP Unable to negotiate with 10.32.3.11 port 22: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr
Is there a way we can add these ciphers to ISE? If not can we have a list of ciphers that are supported so we can adjust on our end.
Solved! Go to Solution.
My customer ran into this same issue. Their SFTP server is a Microsoft box running OpenSSH. I was able to reproduce this in the lab using the Windows 10 SFTP implementation (which now come free with Windows 10)
Incidentally, I have never seen this issue with Linux based SSHD implementations (because I assume they leave a lot of the legacy ciphers enabled).
I tested this in my lab and the only change I made to my Windows OpenSSH sshd_config file was to add the line below – it leaves the other ciphers in place and only ADDs one more (for ISE)
I did enable the debugging command too
Because this was a fresh install, I didn’t change any other lines of the config file.
By the way, I found two config files in two different locations! Don’t be fooled – the one that the Windows Service uses (in my case) was here
And you should be able to view the log (very useful when combined with the DEBUG level enabled)