Salve a tutti...
Ho diverse macchine SME9 e piano piano le devo portare sulla versione 10, cambiando nel contempo hardware.
Avrei necessità di fare un Rsync da 9 a 10 per passare dati e mail..
Ma mi trovo con il messaggio di incompatibilità di cifratura per lo scambio delle chiavi.
"Unable to negotiate with 192.168.1.239 port 57977: no matching MAC found. Their offer: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]"
Esiste un workaround per rendere i due sistemi compatibili ?
Ho provato senza successo con questo consiglio
In the algorithm names, -etm means "encrypt-then-mac", i.e. the message authentication code is calculated after encryption. It is recommended to use these algorithms because they are considered safer.
Also md5 MAC are unsafe. 32 bits
SHA1 are unsafe too. 160 bits.
Secure is nowaday at least 256, but will be soon 512
You should open a bug against your software to ask them to make this software secure again,
you might do that as a TEMPORARY workaround. The reason is that by doing that you will allow this cipher to anyone able to connect, making their connection insecure and open to access to the exchanged information, including the content of your backup.
mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config/
printf "#temp workaround for using Backup software with insecure options\nMACs=+hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com\n\n\n" > /etc/e-smith/templates-custom/etc/ssh/sshd_config/34MACsLocalAdd
expand-template /etc/ssh/sshd_config
systemctl restart sshd
for information winSCP allow the following MACs (https://winscp.net/eng/docs/ssh_algorithms):
Message authentication codes (MACs): hmac-md5, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-md5-etm@openssh.com, hmac-sha1-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-sha2-256-etm@openssh.com