Discussion:
AES256-CTR support in Publish over SSH and JSch dependency Plugins
c***@gmail.com
2018-07-12 23:09:12 UTC
Permalink
Anyone from the "Publish over SSH" and "JSch dependency" plugins teams that
can help with this?
The SSH client in the Publish over SSH plugin which uses Jsch Dependency
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc*
OpenSSH 7.* is disabling cbc modes of the ciphers and also not offering
CBC ciphers by default.
https://www.openssh.com/releasenotes.html
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.
* ssh(1): do not offer CBC ciphers by default.
It now enables the following ciphers by default: aes192-ctr and
aes256-ctr.
What are the plans to support these (aes192-ctr and aes256-ctr) ciphers in
these plugins?
Thanks.!
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Slide
2018-07-12 23:15:33 UTC
Permalink
From looking at the Jsch website (http://www.jcraft.com/jsch/), they show
the following in 0.15.4 which is what is used in the Jsch Plugin 0.15.4.2,
which is what is used in Publish Over SSH 1.19.1


-
Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,
*aes192-ctr,aes256-ctr*,3des-ctr,arcfour,arcfour128,arcfour256


So, I don't think there is an issue, unless I am missing something.
Post by c***@gmail.com
Anyone from the "Publish over SSH" and "JSch dependency" plugins teams
that can help with this?
The SSH client in the Publish over SSH plugin which uses Jsch Dependency
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc*
OpenSSH 7.* is disabling cbc modes of the ciphers and also not offering
CBC ciphers by default.
https://www.openssh.com/releasenotes.html
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.
* ssh(1): do not offer CBC ciphers by default.
It now enables the following ciphers by default: aes192-ctr and
aes256-ctr.
What are the plans to support these (aes192-ctr and aes256-ctr) ciphers
in these plugins?
Thanks.!
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com
<https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVdHSf2GNm%2BR4v8xkUNsp%2B5uNYSJ8dY63M0KJrMjkK7pRQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Chief Vitalstatix
2018-08-02 18:52:49 UTC
Permalink
The website says it supports it, but when the Publish Over SSH plugin
connects, the sshd log throws the following error:
"fatal: no matching cipher found: client
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc server aes256-ctr"
and the corresponding error on Jenkins is:
"jenkins.plugins.publish_over.BapPublisherException: Failed to connect and
initialize SSH connection. Message: [Failed to connect session for config
[Config-Name]. Message [Algorithm negotiation fail]]"

If the Jsch plugin supports the new Ciphers, then the config file that the
Jsch client uses to exchange Cipher info with the server doesn't seem to be
updated.

The native ssh client on the Jenkins (client) works well with the remote
server. Not the Jsch ssh client that the Publish Over plugin uses.
Post by Slide
From looking at the Jsch website (http://www.jcraft.com/jsch/), they show
the following in 0.15.4 which is what is used in the Jsch Plugin 0.15.4.2,
which is what is used in Publish Over SSH 1.19.1
-
Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,
*aes192-ctr,aes256-ctr*,3des-ctr,arcfour,arcfour128,arcfour256
So, I don't think there is an issue, unless I am missing something.
Post by c***@gmail.com
Anyone from the "Publish over SSH" and "JSch dependency" plugins teams
that can help with this?
The SSH client in the Publish over SSH plugin which uses Jsch Dependency
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc*
OpenSSH 7.* is disabling cbc modes of the ciphers and also not offering
CBC ciphers by default.
https://www.openssh.com/releasenotes.html
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.
* ssh(1): do not offer CBC ciphers by default.
It now enables the following ciphers by default: aes192-ctr and
aes256-ctr.
What are the plans to support these (aes192-ctr and aes256-ctr) ciphers
in these plugins?
Thanks.!
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com
<https://groups.google.com/d/msgid/jenkinsci-users/7f9783bf-6330-4946-a53f-1a4dff767c30%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVdHSf2GNm%2BR4v8xkUNsp%2B5uNYSJ8dY63M0KJrMjkK7pRQ%40mail.gmail.com
<https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVdHSf2GNm%2BR4v8xkUNsp%2B5uNYSJ8dY63M0KJrMjkK7pRQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAODjEEMfFxee2t9NiMucegagDpeXygPPt%2BpGG-5G1%2BYQS_%3Dn0g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Ivan Fernandez Calvo
2018-08-03 17:19:16 UTC
Permalink
Check that your JDK supports the cipher and it is not disabled. On this page https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider said the following

Cipher suites that use AES_256 require installation of the JCE Unlimited Strength Jurisdiction Policy Files. See Import Limits on Cryptographic Algorithms.

https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#importlimits
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/48eb396a-27f5-4e85-a1d5-f97813216fd1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...