This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 88%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello all, for reasons beyond our control, we need to allow an older system to SSH into a server 2019 host (for SFTP drops). Unfortunately, we continue to receive the following error: sshd: Unable to negotiate with [IP] port [number]: no matching cipher found. Their offer: aes128-cbc,none,3des-cbc,blowfish-cbc [preauth] I have tried to no avail to modify the sshd_config file in C:\ProgramData\ssh Am I missing something? How do I properly define the offered ciphers in that file? Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Something here ay help.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-schannel/ba-p/259233
https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
--please don't forget to Accept as answer if the reply is helpful--
Thanks for the info Patrick.. I do understand the 'why' of the problem, I just don't know how to configure the sshd_config file to use one of the cipher suites being chosen by the client. It looks like the SSH specific configuration is independent of the server-defined cipher suites, so the registry isn't controlling this unfortunately.
This might be relevant.
Looks like it is! Thanks for the link. I knew there was something strange going on, it's almost like it ignores the 'ciphers' option in the config file.