Hardening SSH vs. Eclipse RSE

After hardening the SSH configuration on a Debian server by removing unsecure ciphers and MACs I got in trouble with Eclipse Remote System Explorer.

When trying to open the server, I always got an „Algorithm negotiation fail“ message:

Even installing the missing Unlimited Strength version of Java Crypto Extension which allows key sizes larger then 128 bit doesn’t helped me out.

The problem was the allowed KexAlgorithms and the list of MACs in the configuration:

Ciphers aes256-ctr,aes256-cbc
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

After re-enabling the insecure default configuration by commenting out the both lines in the configuration allowed me to reconnect to the server again.

Ciphers aes256-ctr,aes256-cbc
#KexAlgorithms diffie-hellman-group-exchange-sha256
#MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

I don’t feel happy about it. But it seems that there is actually no workaround.

Dieser Beitrag wurde unter Security veröffentlicht. Setze ein Lesezeichen auf den Permalink.

2 Kommentare zu Hardening SSH vs. Eclipse RSE

  1. Joe sagt:

    I have the same problem. But I can’t find that config file to duplicate your edits. Which file are you editing????

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.