Error when trying to run scp command -- unknown cipher type 'p'

rousseau · 11 November 2023 02:35

Hi, I am trying to scp a file to a router running OpenWRT in order to restore the factory firmware.

However, I get an error when trying to run the command below :

$ scp -r -i /home/XXXXXX/.ssh/id_ed25519 -2 -scp -P 22 /home/XXXXXX/Téléchargements/firefox/FW_WRT32X_1.0.180404.58.img root@192.168.1.1:/tmp
Unknown cipher type 'p'
scp: Connection closed

Does anyone know how I can fix this ?

I’m basically following the scp example shown in the section “return to stock firmware”, here.

I can confirm that I can successfully ssh into the router.

$ ssh root@192.168.1.1                                                                                                                                                                   

BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
root@OpenWrt:~#

Thanks.

Nachlese · 11 November 2023 03:22

a few things:

… I have never used the “-i” parameter
… the option “-2” isn’t even mentioned in “man scp”
… explicitly declaring the port seems … unnecessary

… when I do:
ssh root@192.168.4.1
which is my (quite old) OpenWRT Router
it refuses to connect with:

Unable to negotiate with 192.168.4.1 port 22: no matching host key type found. Their offer: ssh-rsa

so: they do not support what the default is here - and I have to allow for ssh-rsa locally to be able to connect.

You don’t seem to have that “problem” - you can simply connect.

well:

If you can connect, you can transfer a file as well.

scp ./the_file root@192.168.1.1:/tmp
(aka: from this place here to that location there)
should be good enough

Takakage · 11 November 2023 03:39

Adding to Nachlese, the option -scp also does not seem to be in the current man page. I’m no expert, but if it is being interpreted as -cp, this would mean to choose cipher p, which is consistent with the error message. According to OpenWrt’s page, -scp is supposed to force the use of the SCP protocol. It looks like the current way to do so is with the -O (uppercase letter O) option.

cfinnberg · 11 November 2023 05:40

If you can ssh your router, can you try to just upload the file the same way?

scp /home/XXXXXX/Téléchargements/firefox/FW_WRT32X_1.0.180404.58.img root@192.168.1.1:/tmp

rousseau · 11 November 2023 08:02

Thanks everyone for the replies and the help. Great community here.
I managed to get it working by replacing the two options -2 and -scp with a single -O option.
Probably would have worked equally well without the -i, -r and -P options, but I left them in anway.

ck3po · 8 December 2023 17:48

Argh. Care to share what the full set of options was that did the trick? I’m encountering exactly the same problem with exactly the same error code.

I ended up using this command to SSH in:

ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa -o KexAlgorithms=+diffie-hellman-group1-sha1

… but when I try the same options on “scp” it always produces the same ‘p’ unknown cipher error… Very frustrating.

Nachlese · 8 December 2023 22:26

I can connect to my OpenWRT router like this:

First what doesn’t work, with the following error message:

ssh root@192.168.4.1
Unable to negotiate with 192.168.4.1 port 22: no matching host key type found. Their offer: ssh-rsa

It works with this additional option to the command:

ssh -o HostKeyAlgorithms=+ssh-rsa root@192.168.4.1
The authenticity of host '192.168.4.1 (192.168.4.1)' can't be established.
RSA key fingerprint is SHA256:CpF6Io9GR0jnSWnnJu4hH4/d16dhTVbogIp0/5gSgeI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.4.1' (RSA) to the list of known hosts.
root@192.168.4.1's password: 


BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.4, r11208-ce6496d796
 -----------------------------------------------------
root@OpenWrt:~#

-o HostKeyAlgorithms=+ssh-rsa
is the only thing I need to add to the command
because this routers sshd does not support whatever the default key algorithms on modern Linux like Manjaro or Mint are

To scp copy a file to the routers /tmp directory:
scp -o HostKeyAlgorithms=+ssh-rsa /path/to/file root@192.168.4.1:/tmp

Mine is obviously a much older version of OpenWRT - the hardware is not the most recent.
It is an: AVM FRITZ!Box 7412 which I use to run Travelmate - I never bothered to keep it up to date since I installed and configured it.

cfinnberg · 9 December 2023 08:52

Probably You know it, but you can also have “permanently” added that setting to SSH. In ~/.ssh/config You should add something like:

Host router
  Hostname 192.168.4.1
  User root
  HostKeyAlgorithms +ssh-rsa

After that, you can just run ssh router or scp /path/to/file router:/tmp

Nachlese · 9 December 2023 09:22

Yes, I knew that - but I didn’t bother doing it - I very rarely need to ssh into the thing.
But now that you served me with the copy/paste ready solution, I was not going to let your effort go to waste.
It works - of course!
Thank you!