Garrett Wollman
2013-Jul-30 12:01 UTC
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth] ? (security/openssh-portable, with HPN patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently running openssh-portable-6.2.p2_3,1, and I think it started with upgrade to 6.2. -GAWollman
Mike Tancsa
2013-Jul-30 12:38 UTC
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
On 7/30/2013 8:01 AM, Garrett Wollman wrote:> Am I the only person to be seeing this log message from sshd: > > fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]> nice not to have my logs spammed with this. Currently running > openssh-portable-6.2.p2_3,1, and I think it started with upgrade to > 6.2.There is an open PR which can be closed now at http://www.freebsd.org/cgi/query-pr.cgi?pr=171809 which points to http://lists.freebsd.org/pipermail/svn-src-head/2013-May/047921.html Change the default in /etc/ssh/sshd_config to UsePrivilegeSeparation yes as it sounds like you have hardware crypto on the box and you are using UsePrivilegeSeparation sandbox which is broken ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/