Control Compliance Suite 11: Solaris 11 agent-less data collection fails: Couldn't agree a client-to-server cipher
| Article:TECH196470 | | | Created: 2012-09-11 | | | Updated: 2012-11-08 | | | Article URL http://www.symantec.com/docs/TECH196470 |
Problem
Targeting a Agent-less Solaris v11 x64 asset - an error shows for the data collection: Couldn't agree a client-to-server cipher.
Note: agent and agent-less data collection from Oracle Solaris 11 assets is supported by the latest Symantec Control Compliance Suite 11 and 10.5.1 versions.
Error
{Date Time},Unix Data Collector: query returned with message(s).,"{solaris11_asset_host_name}: Couldn't agree a client-to-server cipher (available: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour)",Error,{solaris11_asset_host_name}:{IP_Address},UNIX Machine,,
Environment
Symantec Control Compliance Suite 10.5.1
Symantec Control Compliance Suite 11 GA
Oracle Solaris 11 (both X64 and SPARC)
Cause
The ssh handshake attempt between CCS and the Solaris 11 system fails to agree on a cipher.
By default Solaris 11 only supports the following ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour.
CCS requires 3des-cbc.
Solution
The current workaround is to add the "3des-cbc" to the list of accepted ciphers in the Solaris 11 sshd configuration file.
Step 1. Add the following line in /etc/ssh/sshd_config (We are adding 3des-cbc to the default ciphers)
Step 2. Restart the sshd daemon on Solaris system.
At this point the CCS agent-less data collection will work.
|
|
| Source | ETrack |
| Value | 2927081 |
Article URL http://www.symantec.com/docs/TECH196470
Terms of use for this information are found in Legal Notices
Thank you.