ssh -i ~/.ssh/id_rsa admin@diskstation
Unable to negotiate with 10.0.0.43 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
but had forgotten how to debug/solve it.
The NAS, a Synology DS-414, is running: -
DSM 6.2.1-23824 Update 4
and the client is my Mac, running macOS 10.14.6.
This helped: -
ssh error: unable to negotiate with IP: no matching cipher found
which advised running: -
ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
and then picking one of the ciphers that BOTH the Synology AND the Mac support.
I chose: -
aes256-cbc
as follows: -
ssh -c aes256-cbc -i ~/.ssh/id_rsa admin@diskstation
and was in like Flynn: -
admin@DiskStation:~$ uname -a
Linux DiskStation 3.2.40 #23824 SMP Fri Sep 7 12:49:31 CST 2018 armv7l GNU/Linux synology_armadaxp_ds414
admin@DiskStation:~$
For the record, and as I type this, I'm busy updating the Synology to the most recent firmware.
In addition, given this: -
I'm also double-checking my security, in terms of from where one can access the NAS ( hint, ONLY from the LAN, not the WAN ) and also in terms of having a nice long, strong, complex password ......
In the words of Bart Busschots .... Stay Patched, Stay Secure
Or, to put it another way, Patchy McPatchface ( thanks, Bart )
No comments:
Post a Comment