Forum

"Preferred cipher o...
 
Notifications
Clear all

"Preferred cipher order" is empty

0 Posts
2 Users
0 Reactions
282 Views
(@chrise)
New Member
Joined: 18 years ago
Posts: 2
Topic starter  

I now receive this error when attempting to connect to some hosts via SSH1. It doesn't happen on all of them though.:

"All the encryption algorithms that this program and the server both understand have been disabled. To communicate with this server, you will have to enable some more ciphers
in the Options->Properties->Connection->SSH dialog box.
This connection will now close"

I've opened the Properties and gone into the SSH1 tab and the encryption button but the "preferred cipher order" list is empty. I've reinstalled Absolute Telnet 7.21 but no change. The target hosts are Cisco PIX 501 devices running version 6.3(5). I was able to connect to these hosts in the past so what did I screw up?


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Go to the options->properties->connection->ssh2 tab and press the 'encryption' button. Check to see if the 'fips mode' checkbox is selected. If it is, deselect it. SSH1 encryption algorithms are not allowed in FIPS mode and are all disabled.

If the 'fips mode' checkbox is greyed out, this means that when you installed, you chose the 'enforced' fips mode which means that SSH1 is not allowed at all. To disable FIPS, you'll have to re-install and choose one of the install options that allows FIPS mode to be optional, then re-visit the encryption tab and de-select fips mode.

Version 7 uses a FIPS certified cryptography module, which makes AbsoluteTelnet/SSH compliant with FIPS regulations for governmental and military uses. By running in FIPS mode, only cryptography functionality that is supported by the validated crypto module can be used. This ensures you that you're using cryptography algorithms of the highest quality and independently validated by a certification lab and approved by the NIST. Unfortunately, the SSH1 components are not validated and cannot be used in FIPS mode.

Hope this helps!

Brian


   
ReplyQuote
(@chrise)
New Member
Joined: 18 years ago
Posts: 2
Topic starter  

Thanks Brian, that did it!

Kris


   
ReplyQuote
Share: