7

I set up a Raspberry Pi 3b with Windows 10 IoT to try it out. In the past I had Linux running and I would just ssh connect to it. However when trying to ssh from powershell to the Windows 10 IoT it would fail with this error:

Unable to negotiate with 10.155.41.47 port 22: no matching cipher found. Their offer: aes256-cbc,aes192-cbc,aes128-cbc

I use this command:

ssh administrator@10.155.41.47

Is it just not possible to ssh from Windows 10 with Powershell to Windows 10 IoT?

findusl
  • 213
  • 1
  • 6
  • 1
    Have you tried using PuTTY? https://docs.microsoft.com/en-us/windows/iot-core/connect-your-device/ssh – JD Allen May 27 '18 at 23:50
  • That does work. So basically Windows added a ssh feature but it is not even good enough to connect to another windows computer? That seems ridiculous. – findusl May 28 '18 at 08:20

2 Answers2

2

When your SSH client attempts to open a connection, the server and client exchange lists of ciphers that they support for encrypting the SSH session. The first cipher that the client and server have in common is used to encrypt the connection. If there are no ciphers in common between the client and the server, you'll see the "no matching cipher found" message that you are receiving.

You can download PuTTY or OpenSSH, both are free downloadable command line ssh client for windows operating system. After that you can go through the below link:
https://docs.microsoft.com/en-us/windows/iot-core/connect-your-device/ssh.

If you want to use powershell, here is the documentation:
https://docs.microsoft.com/en-us/windows/iot-core/connect-your-device/powershell

Keep in mind that you have to run powershell as an administrator. But first of all update all the related softwares. Also you can also use the following command:

$ssh -c aes256-cbc machine@yourhost

Please refer the manual but its not recommended due to security issues.

anonymous2
  • 4,872
  • 3
  • 20
  • 48
  • What do you mean it doesn't have a built-in ssh client? I thought that is exactly what they added recently. Wouldn't the command otherwise give me a error message of the form 'ssh not found'? https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/ – findusl May 28 '18 at 07:36
  • Didn't knew about this feature –  May 28 '18 at 07:45
  • Try with powershell once. When your SSH client attempts to open a connection, the server and client exchange lists of ciphers that they support for encrypting the SSH session. The first cipher that the client and server have in common is used to encrypt the connection. If there are no ciphers in common between the client and the server, you'll see the "no matching cipher found" message that you are receiving. –  May 28 '18 at 07:48
  • I tried with powershell according to the manual. It failed, I sadly only have error output in german. I added some comments with #####. https://pastecode.xyz/view/4c30dadf – findusl May 28 '18 at 08:05
  • Try to update everything. You can select ciphers from above using ssh -c command. Please refer the manual but its sometime not recommended due to security issues –  May 28 '18 at 08:16
  • I used windows update already on the raspberry and on my computer when I first had the ssh errors, hoping it would add these missing ciphers. Is there something else I could update? – findusl May 28 '18 at 08:17
  • 1
    ssh -c aes256-cbc machine@yourhost –  May 28 '18 at 08:21
  • Thanks, Now SSH is working. If you would edit the original answer, I will mark it as correct as it solves my problem. While aes256-cbc may not be the best, it should be good enough from what I read online. I assume the more computational expensive encryptions are too much for raspberry. But I do have limited cryptography knowledge. – findusl May 28 '18 at 10:06
  • I also got powershell to work, I had to add the -credentials parameter. I found it here: https://www.pcwelt.de/ratgeber/Windows_auf_Raspberry_Pi-10020917.html It will not work via Https, but that is due to missing certificate which is logical if you think about it, but I didn't think about it :D. However powershell remote is by default encrypted. https://4sysops.com/archives/powershell-remoting-over-https-with-a-self-signed-ssl-certificate/ – findusl May 28 '18 at 10:19
0

  1. Download putty as need of 64 bit or 32 bit

  2. Open the command prompt at the Windows iot core OS

  3. Give "ipconfig" and note the ipv4 address.

  4. Now add your network with the raspberry pi board ip address

    • netsh method
    • advanced settings method

  5. After known the ip just open the putty and put your id there select ssh and open the putty

  6. Give the user name and password

  7. Now you can easily access the SSH service of the windows IOT core ...
hardillb
  • 12,553
  • 1
  • 20
  • 34
prabhakaran k
  • 1
  • As you can see in the comment of the question I do know putty and it works. But I wonder why Windows can't connect to another Windows. It seems wrong. – findusl Oct 01 '19 at 10:02
  • 1
    Soliciting outside SE contact is not allowed. You may disclose professional affiliations, services, blogs, et cetera in your profile only. – Helmar Oct 02 '19 at 07:44