This one has got me stumped. It would appear that, starting in the latest Apple release, El Capitan, using the Chilkat SSH library to open a connection results in a failed connection with the following errors in the /var/log/system.log on the remote Apple machine:
fatal: ssh_dispatch_run_fatal: Connection to xx..xx.xx.xx: no matching cipher found [preauth]
I imagine there's a way to get a list of ciphers and try to make it work; very strange it can't just figure it out on its own. Has anyone else run into this yet?
Check to see if Chilkat v126.96.36.199 (the latest release) solves the problem.
It does not, I just pulled it down and rebuilt with 188.8.131.52.
From the website it would appear the ciphers are:
By default, the component will automatically choose the first cipher supported by the server in the order listed here: "aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc", "twofish256-cbc", "twofish128-cbc", "blowfish-cbc", "3des-cbc", "arcfour128", "arcfour256". (If blowfish is chosen, the encryption strength is 128 bits.)
And from the man pages for sshd_config on the Apple: aes128-ctr, aes192-ctr, aes256-ctr, email@example.com,firstname.lastname@example.org,email@example.com
So it would appear we'd have a match instantly...
Use verbose logging (set the Chilkat object's VerboseLogging property = YES/true) and then examine the contents of the LastErrorText after the failed call to Connect.
Done. I've also attempted forcing the cipher, with no success. That DllDate has me concerned; I've double-checked the linked static library, but I'll look again. I removed the license-specific details.
ChilkatLog:
Connect_Ssh:
DllDate: Apr 20 2012
Architecture: Little Endian; 32-bit
Language: Visual C++ 9.0
hostname: 192.168.1.2
port: 22
ConnectTimeoutMs_1: 30000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
This is an IPV4 numeric address...
AddrInfoList: AddrInfo: ai_flags: 4 ai_family: 2 ai_socktype: 1 ai_protocol: 0 ai_addrlen: 16 ai_canonname: (NULL) --AddrInfo --AddrInfoList
Connect using IPV4.
ipAddress1: 192.168.1.2
myIP_3: 192.168.1.15
myPort_3: 51219
connect successful (2)
Established TCP/IP connection with SSH server
clientIdentifier: SSH-2.0-PuTTY_Local:_May_14_2009_21:12:18
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_6.9
serverVersion: SSH-2.0-OpenSSH_6.9
sendMessage: msgName: KEXINIT unpaddedLength: 452 remainder: 4 paddingLen: 4 totalSize: 456 --sendMessage
packetLen: 948
KeyExchangeAlgs: algorithm: firstname.lastname@example.org algorithm: ecdh-sha2-nistp256 algorithm: ecdh-sha2-nistp384 algorithm: ecdh-sha2-nistp521 algorithm: diffie-hellman-group-exchange-sha256 algorithm: diffie-hellman-group14-sha1 --KeyExchangeAlgs
HostKeyAlgs: algorithm: ssh-rsa algorithm: ssh-dss algorithm: ecdsa-sha2-nistp256 algorithm: ssh-ed25519 --HostKeyAlgs
EncCS: algorithm: email@example.com algorithm: aes128-ctr algorithm: aes192-ctr algorithm: aes256-ctr algorithm: firstname.lastname@example.org algorithm: email@example.com --EncCS
EncSC: algorithm: firstname.lastname@example.org algorithm: aes128-ctr algorithm: aes192-ctr algorithm: aes256-ctr algorithm: email@example.com algorithm: firstname.lastname@example.org --EncSC
MacCS: algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: hmac-sha2-256 algorithm: hmac-sha2-512 algorithm: hmac-sha1 --MacCS
MacSC: algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: email@example.com algorithm: firstname.lastname@example.org algorithm: hmac-sha2-256 algorithm: hmac-sha2-512 algorithm: hmac-sha1 --MacSC
CompCS: algorithm: none algorithm: email@example.com --CompCS
CompSC: algorithm: none algorithm: firstname.lastname@example.org --CompSC
Unable to agree upon server-to-client encryption algorithm.
Unable to agree upon client-to-server encryption algorithm.
MAC: HMAC-SHA1
MAC: HMAC-SHA1
Compression: none
Compression: none
Key Exchange: DH Group Exchange SHA256
Host Key Algorithm: DSS
numBits: 128
pbits: 1024
Using GEX Group.
Sending KEX_DH_GEX_REQUEST...
pbits: 1024
sendMessage: msgName: KEX_DH_GEX_REQUEST unpaddedLength: 10 remainder: 2 paddingLen: 6 totalSize: 16 --sendMessage
numBytesRequested: 8
Connection closed by connected peer.
Failed to read data on SSH connection.
Failed to read KEX_DH_GEX_REQUEST response
Failed.
You're using an old version of Chilkat. Notice this in the LastErrorText: "DllDate: Apr 20 2012"
Damn it! I was using the wrong libs, my mistake. It would appear this has been corrected in the latest release. I'm very sorry for the confusion.
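For anyone debugging the same "no matching cipher found" error, here is an added example (not code from this thread or from Chilkat) that pulls the server's EncCS/EncSC lists out of a LastErrorText-style log and applies the SSH selection rule to a client preference list. SAMPLE_LOG is a constructed excerpt using only the cipher names legible above, and LEGACY_OFFER is an assumed stand-in for an outdated client build, since the thread does not show what the old library offered.

```python
import re

# Chilkat's documented default preference order, as quoted in the thread.
CHILKAT_DEFAULT = [
    "aes256-ctr", "aes128-ctr", "aes256-cbc", "aes128-cbc",
    "twofish256-cbc", "twofish128-cbc", "blowfish-cbc",
    "3des-cbc", "arcfour128", "arcfour256",
]

# Assumption: an offer without any CTR ciphers, standing in for an old client.
LEGACY_OFFER = [c for c in CHILKAT_DEFAULT if not c.endswith("-ctr")]

# Constructed excerpt in the shape of the verbose log (server KEXINIT lists).
SAMPLE_LOG = (
    "serverVersion: SSH-2.0-OpenSSH_6.9 "
    "EncCS: algorithm: aes128-ctr algorithm: aes192-ctr "
    "algorithm: aes256-ctr --EncCS "
    "EncSC: algorithm: aes128-ctr algorithm: aes192-ctr "
    "algorithm: aes256-ctr --EncSC "
)


def server_algorithms(log_text, section):
    """Return the names listed between 'SECTION:' and '--SECTION'."""
    name = re.escape(section)
    match = re.search(r"\b%s:(.*?)--%s\b" % (name, name), log_text, re.S)
    if match is None:
        raise ValueError("section %s not found in log" % section)
    return re.findall(r"algorithm:\s*(\S+)", match.group(1))


def negotiate(client_prefs, server_list):
    """RFC 4253 section 7.1: the first name on the client's list that the
    server also lists is chosen; None means negotiation fails."""
    offered = set(server_list)
    return next((alg for alg in client_prefs if alg in offered), None)


def diagnose(client_prefs, log_text):
    """Negotiate each direction separately, as the protocol does."""
    return {
        section: negotiate(client_prefs, server_algorithms(log_text, section))
        for section in ("EncCS", "EncSC")
    }


if __name__ == "__main__":
    for label, prefs in (("default", CHILKAT_DEFAULT), ("legacy", LEGACY_OFFER)):
        print(label, diagnose(prefs, SAMPLE_LOG))
```

A None result for either direction corresponds to the "Unable to agree upon ... encryption algorithm" lines in the log and to the server-side "no matching cipher found" message.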