one host only: ssh_dispatch_run_fatal


Harry Putnam

Nov 7, 2016, 9:08:34 PM
to openssh-...@mindrot.org
All but one LAN host (gv) can ssh connect to host 2x.

Included windows 10, several linux. 2x is a solaris host.

That problem host (gv) can connect to all others but 2x.

2x can connect to all others, including the problem host (gv).

So gv ssh to 2x throws this error:

ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature.

192.168.1.42 is 2x. So incoming ssh from gv to 2x has the problem.

So far I have removed all ssh config and files on both hosts and
reinstalled openssh.

The problem remains

Below is the full output of ssh -vv

gv (a gentoo host) ssh to 2x (a solaris <openindiana> host).

gv harry> ssh -vv 2x

OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: resolving "2x" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 2x [192.168.1.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug1: Remote is NON-HPN aware
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 2x:22 as 'harry'
debug2: compat_kex_proposal: original KEX proposal: curve255...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: Compat: skipping algorithm "curve255...@libssh.org"
debug2: compat_kex_proposal: compat KEX proposal: diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed2551...@openssh.com,ssh-ed25519,ssh-rsa-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com,zlib
debug2: compression stoc: none,zl...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: MACs ctos: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zl...@openssh.com
debug2: compression stoc: none,zl...@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: REQUESTED ENC.NAME is 'chacha20...@openssh.com'
debug1: kex: server->client cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is 'chacha20...@openssh.com'
debug1: kex: client->server cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 4070/8192
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-ed25519 SHA256:fDVJdFDNtnMrobEPdtuoLTTTXju1T+V+aKRGdI5Yook
debug1: Host '2x' is known and matches the ED25519 host key.
debug1: Found key in /home/harry/.ssh/known_hosts:2
debug2: bits set: 4134/8192
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature



_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Darren Tucker

Nov 7, 2016, 9:58:54 PM
to Harry Putnam, OpenSSH Devel List
On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
[...]
> gv harry> ssh -vv 2x
>
> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016

this is a third-party modified version of OpenSSH. Can you reproduce
the problem with a stock OpenSSH from the source from openssh.com?

> debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000

OpenSSH 6.6 has a bug in curve255...@libssh.org, which is the
kex method later selected.

Quoting the 6.7 release notes: https://www.openssh.com/releasenotes.html#6.7
"""
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve255...@libssh.org KEX exchange method to fail
when connecting with something that implements the specification
correctly. OpenSSH 6.7 disables this KEX method when speaking to
one of the affected versions.
"""

> debug1: kex: host key algorithm: ssh-ed25519
[...]
> debug1: Found key in /home/harry/.ssh/known_hosts:2
> debug2: bits set: 4134/8192
> debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
> ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature

Maybe the same bug also affects ed25519 as a host key algorithm? If
so, setting HostKeyAlgorithms in ssh_config on the client to something
that doesn't include ssh-ed25519 might help.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
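
The triage Darren describes, as an added example that is not part of the original thread: it reads `ssh -vv` output, confirms that the failure is host key signature verification, and builds the client-side HostKeyAlgorithms stanza he suggests from the algorithms both sides offered. The function names are hypothetical and the sample log is constructed, abridged from the output posted above with the obfuscated certificate algorithm names left out.

```python
import re

# Constructed sample: abridged from the `ssh -vv` output posted in this thread.
# The client's certificate algorithm names (obfuscated on the page) are omitted.
SAMPLE_LOG = """\
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: Server host key: ssh-ed25519 SHA256:fDVJdFDNtnMrobEPdtuoLTTTXju1T+V+aKRGdI5Yook
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature
"""

# One capture group per field of interest in the debug output.
PATTERNS = {
    "local_version": re.compile(r"Local version string SSH-[\d.]+-(\S+)"),
    "remote_version": re.compile(r"remote software version (\S+)"),
    "kex": re.compile(r"kex: algorithm: (\S+)"),
    "hostkey_alg": re.compile(r"kex: host key algorithm: (\S+)"),
    "verify_failure": re.compile(r"(ssh_\w+_verify): .*failed"),
    # 7.x prints ssh_dispatch_run_fatal; the 6.7 client prints key_verify.
    "fatal": re.compile(r"^(?:ssh_dispatch_run_fatal: .*|key_verify): (.+)$"),
}


def parse_debug_log(text):
    """Extract versions, negotiated algorithms and the failure from ssh -vv output."""
    info = {name: None for name in PATTERNS}
    info["client_hostkey_algs"] = []
    info["server_hostkey_algs"] = []
    side = None  # which KEXINIT proposal the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        m = re.search(r"host key algorithms: (\S+)", line)
        if m and side:
            info[side + "_hostkey_algs"] = m.group(1).split(",")
            continue
        for name, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                info[name] = m.group(1)
    return info


def is_hostkey_signature_failure(info):
    """True when a *_verify routine failed and the session died on the signature."""
    return info["verify_failure"] is not None and info["fatal"] == "incorrect signature"


def fallback_algorithms(info):
    """Host key algorithms both sides offer, in client order, minus the failing one."""
    server = set(info["server_hostkey_algs"])
    return [a for a in info["client_hostkey_algs"]
            if a in server and a != info["hostkey_alg"]]


def ssh_config_stanza(host, algorithms):
    """Per-host ssh_config block restricting HostKeyAlgorithms for that server only."""
    return "Host {}\n    HostKeyAlgorithms {}\n".format(host, ",".join(algorithms))


if __name__ == "__main__":
    parsed = parse_debug_log(SAMPLE_LOG)
    if is_hostkey_signature_failure(parsed):
        print("client {} -> server {}: {} failed for {}".format(
            parsed["local_version"], parsed["remote_version"],
            parsed["verify_failure"], parsed["hostkey_alg"]))
        print(ssh_config_stanza("2x", fallback_algorithms(parsed)))
```

With this restriction the client authenticates 2x by its RSA host key instead, so that key's fingerprint needs to be checked against the server before it is trusted in known_hosts.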

Harry Putnam

Nov 7, 2016, 10:44:54 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from openssh.com?

Well, since I'm not on a BSD system... <on gentoo linux> and since the
instructions in the README file:

To extract and install this release on your OpenBSD system use:

# cd /usr/src/usr.bin
# tar xvfz .../openssh-x.y.tgz
# cd ssh
# make obj
# make cleandir
# make depend
# make
# make install
# cp ssh_config sshd_config /etc/ssh

And since there appear to be no other helpful files... I guess mucking
around with it and pounding thru google for an hour or two are a little
above my paygrade... not to mention skill level.... I guess not.

What I am doing is backing down to version 7.2 and compiling on gentoo
system. ... will report back.

I can say that 3 Debian systems running version 6.7 have no problem
connecting to that same host.

Harry Putnam

Nov 7, 2016, 10:56:12 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from openssh.com?

I can report that gentoo's version 7.2 probably also with some kind of
3rd party changes.... also fails in the same way.

Darren Tucker

Nov 7, 2016, 10:59:32 PM
to Harry Putnam, OpenSSH Devel List
On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
> Darren Tucker <dtu...@zip.com.au> writes:
>
>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
>> [...]
>>> gv harry> ssh -vv 2x
>>>
>>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>>
>> this is a third-party modified version of OpenSSH. Can you reproduce
>> the problem with a stock OpenSSH from the source from openssh.com?
>
> Well, since I'm not on a BSD system... <on gentoo linux> and since the
> instructions in the README file:

Well you could click on the "For other OS's: Linux Solaris..." link
on the main page which would take you to
https://www.openssh.com/portable.html, which has installation
instructions and links to the portable version of the source (which
has an autoconf-style configure file).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Harry Putnam

Nov 7, 2016, 11:03:10 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from openssh.com?

I found a comment somewhere that explained that I needed the portable
version. ... got that building right now so may have something shortly

Harry Putnam

Nov 7, 2016, 11:06:10 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
>> Darren Tucker <dtu...@zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>>>
>>> this is a third-party modified version of OpenSSH. Can you reproduce
>>> the problem with a stock OpenSSH from the source from openssh.com?
>>
>> Well, since I'm not on a BSD system... <on gentoo linux> and since the
>> instructions in the README file:
>
> Well you could click on the "For other OS's: Linux Solaris..." link
> on the main page which would take you to
> https://www.openssh.com/portable.html, which has installation
> instructions and links to the portable version of the source (which
> has an autoconf-style configure file).

Thanks, yes. I got past the boneheaded part and got the right thing
downloaded ... building now.

Harry Putnam

Nov 7, 2016, 11:11:34 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
>> Darren Tucker <dtu...@zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>>>
>>> this is a third-party modified version of OpenSSH. Can you reproduce
>>> the problem with a stock OpenSSH from the source from openssh.com?
>>
>> Well, since I'm not on a BSD system... <on gentoo linux> and since the
>> instructions in the README file:
>
> Well you could click on the "For other OS's: Linux Solaris..." link
> on the main page which would take you to
> https://www.openssh.com/portable.html, which has installation
> instructions and links to the portable version of the source (which
> has an autoconf-style configure file).

After kicking myself a few times for not catching on earlier... I
built the right version and am sorry to say that it fails with the
same error.

gv harry > ssh -vv 2x

OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /usr/local/src/test/etc/ssh_config
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: resolving "2x" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 2x [192.168.1.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 2x:22 as 'harry'
debug2: compat_kex_proposal: original KEX proposal: curve255...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: Compat: skipping algorithm "curve255...@libssh.org"
debug2: compat_kex_proposal: compat KEX proposal: diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 4084/8192
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-ed25519 SHA256:fDVJdFDNtnMrobEPdtuoLTTTXju1T+V+aKRGdI5Yook
debug1: Host '2x' is known and matches the ED25519 host key.
debug1: Found key in /home/harry/.ssh/known_hosts:2
debug2: bits set: 4098/8192
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature

Harry Putnam

Nov 7, 2016, 11:36:18 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
>> Darren Tucker <dtu...@zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>>>
>>> this is a third-party modified version of OpenSSH. Can you reproduce
>>> the problem with a stock OpenSSH from the source from openssh.com?
>>
>> Well, since I'm not on a BSD system... <on gentoo linux> and since the
>> instructions in the README file:
>
> Well you could click on the "For other OS's: Linux Solaris..." link
> on the main page which would take you to
> https://www.openssh.com/portable.html, which has installation
> instructions and links to the portable version of the source (which
> has an autoconf-style configure file).

After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
find it fails with what looks like the same problem but has slightly
different wording.

version 6.7_p1

gv harry > ssh -vv 2x

OpenSSH_6.7p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /usr/local/src/test/etc/ssh_config
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 2x [192.168.1.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/harry/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug2: fd 3 setting O_NONBLOCK
debug2: compat_kex_proposal: original KEX proposal: curve255...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: Compat: skipping algorithm "curve255...@libssh.org"
debug2: compat_kex_proposal: compat KEX proposal: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-ed2551...@openssh.com,ssh-ed25519,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-m...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-m...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup umac-...@openssh.com
debug1: kex: server->client aes128-ctr umac-...@openssh.com none
debug2: mac_setup: setup umac-...@openssh.com
debug1: kex: client->server aes128-ctr umac-...@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1494/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ED25519 99:b7:1c:6d:1f:ce:dd:7f:37:a4:a2:34:56:32:18:f1
debug1: Host '2x' is known and matches the ED25519 host key.
debug1: Found key in /home/harry/.ssh/known_hosts:2
debug2: bits set: 1574/3072
debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
key_verify: incorrect signature
key_verify failed for server_host_key

Harry Putnam

Nov 7, 2016, 11:49:43 PM
to openssh-...@mindrot.org
> Darren Tucker <dtu...@zip.com.au> writes:
>
>> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
>>> Darren Tucker <dtu...@zip.com.au> writes:
>>>
>>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <rea...@newsguy.com> wrote:
>>>> [...]
>>>>> gv harry> ssh -vv 2x
>>>>>
>>>>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>>>>
>>>> this is a third-party modified version of OpenSSH. Can you reproduce
>>>> the problem with a stock OpenSSH from the source from openssh.com?
>>>
>>> Well, since I'm not on a BSD system... <on gentoo linux> and since the
>>> instructions in the README file:
>>
>> Well you could click on the "For other OS's: Linux Solaris..." link
>> on the main page which would take you to
>> https://www.openssh.com/portable.html, which has installation
>> instructions and links to the portable version of the source (which
>> has an autoconf-style configure file).
>
> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
> find it fails with what looks like the same problem but has slightly
> different wording.

Finally hit paydirt with version 6.4. Did not try 6.5 and 6.6, but I
can report that 6.4 works in my situation with no config
fiddling... just right out of the build:

OpenSSH_6.4, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /usr/local/src/test/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 2x [192.168.1.42] port 22.
debug1: Connection established.
debug1: identity file /home/harry/.ssh/id_rsa type -1
debug1: identity file /home/harry/.ssh/id_rsa-cert type -1
debug1: identity file /home/harry/.ssh/id_dsa type -1
debug1: identity file /home/harry/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug2: key_type_from_name: unknown key type 'ssh-ed25519'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-...@openssh.com,ssh-rsa-...@openssh.com,ssh-rsa,ssh-dss-...@openssh.com,ssh-dss-...@openssh.com,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit: none,zl...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes12...@openssh.com,aes25...@openssh.com,chacha20...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-m...@openssh.com,hmac-s...@openssh.com,umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-ripe...@openssh.com,hmac-sha...@openssh.com,hmac-md...@openssh.com,hmac-md5,hmac-sha1,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-m...@openssh.com
debug1: kex: server->client aes128-ctr hmac-m...@openssh.com none
debug2: mac_setup: found hmac-m...@openssh.com
debug1: kex: client->server aes128-ctr hmac-m...@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 547/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 5d:29:99:eb:9e:c9:d3:59:bd:16:62:76:19:17:1d:67
debug2: key_type_from_name: unknown key type 'ssh-ed25519'
debug2: key_type_from_name: unknown key type 'ssh-ed25519'
debug1: Host '2x' is known and matches the RSA host key.
debug1: Found key in /home/harry/.ssh/known_hosts:3
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/harry/.ssh/id_rsa ((nil)),
debug2: key: /home/harry/.ssh/id_dsa ((nil)),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/harry/.ssh/id_rsa
debug1: Trying private key: /home/harry/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

BINGO...

Darren Tucker

Nov 7, 2016, 11:52:26 PM
to Harry Putnam, OpenSSH Devel List
On Tue, Nov 8, 2016 at 3:30 PM, Harry Putnam <rea...@newsguy.com> wrote:
[...]
> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
> find it fails with what looks like the same problem but has slightly
> different wording.

I set up the same versions (server:OpenSSH_6.6p1, OpenSSL 1.0.1s 1
Mar 2016, client: OpenSSH_7.3p1, OpenSSL 1.0.1s 1 Mar 2016) on Linux
to try to reproduce it but failed.

./ssh -p 2022 -vvv -o ciphers=chacha20...@openssh.com -o
kexalgorithms=diffie-hellman-group-exchange-sha256 localhost
[...]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20...@openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20...@openssh.com MAC:
<implicit> compression: none

Can you tell me more about the server? You said it's Solaris, but is
it SPARC or x86? What OpenSSL version is it?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Darren Tucker

Nov 8, 2016, 12:01:15 AM
to Harry Putnam, OpenSSH Devel List
On Tue, Nov 8, 2016 at 3:43 PM, Harry Putnam <rea...@newsguy.com> wrote:
[...]
> finally hit paydirt with version 6.4 did not try 6.5 and 6.6 but I
> can report that 6.4 works in my situation with no config
> fiddling... just right out of the build:
[....]
> debug2: key_type_from_name: unknown key type 'ssh-ed25519'
> debug2: key_type_from_name: unknown key type 'ssh-ed25519'
> debug1: Host '2x' is known and matches the RSA host key.

That's because the 6.4 client doesn't do the problematic ssh-ed25519
host key algorithm. You'll probably see the same thing with the
newer clients if you set HostKeyAlgorithms in the client's ssh_config
like I suggested in my first reply (or remove/rename the ed25519 host
key file on the server, I think that version is before you could set
HostKeyAlgorithms).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
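
To compare what a working and a failing client actually negotiated, the relevant debug lines can be pulled out of `ssh -vv` output in both the older and newer log formats quoted in this thread. This is an added example, not code from the thread or from OpenSSH: the helper name is hypothetical, both sample logs are constructed from line formats shown above, and `ssh-rsa` as the `HostKeyAlgorithms` value is an assumption.

```shell
#!/bin/sh
# Summarise what an `ssh -vv` run negotiated; reads the debug log on stdin.
# Typical use (debug output goes to stderr):
#   ssh -vv 2x 2>&1 | summarise_ssh_debug
#   ssh -o HostKeyAlgorithms=ssh-rsa -vv 2x 2>&1 | summarise_ssh_debug
summarise_ssh_debug() {   # hypothetical helper name
    awk '
    # OpenSSH 7.x clients print the negotiated names explicitly.
    /^debug1: kex: algorithm: /             { kex = $4 }
    /^debug1: kex: host key algorithm: /    { hostkey = $6 }
    /^debug1: kex: server->client cipher: / { cipher = $5 }
    # Older clients print "kex: server->client <cipher> <mac> <compression>".
    /^debug1: kex: server->client / && $4 != "cipher:" { cipher = $4 }
    # On older clients group exchange only shows up through its message names.
    /SSH2_MSG_KEX_DH_GEX_REQUEST/ && kex == "" { kex = "dh-group-exchange(inferred)" }
    # Fallback when no "host key algorithm" line was printed.
    /^debug1: Server host key: / && hostkey == "" { hostkey = $5 }
    /_verify: signature correct/ { result = "signature-ok" }
    /^ssh_dispatch_run_fatal: .*incorrect signature/ { result = "incorrect-signature" }
    END {
        printf "kex=%s hostkey=%s cipher=%s result=%s\n",
            (kex == "" ? "?" : kex), (hostkey == "" ? "?" : hostkey),
            (cipher == "" ? "?" : cipher), (result == "" ? "?" : result)
    }'
}

# Constructed sample: older client that does not know ssh-ed25519.
sample_old_client() {
cat <<'EOF'
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: Server host key: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
debug2: key_type_from_name: unknown key type 'ssh-ed25519'
debug1: ssh_rsa_verify: signature correct
EOF
}

# Constructed sample: newer client that negotiates ssh-ed25519 and fails.
sample_new_client() {
cat <<'EOF'
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
ssh_dispatch_run_fatal: Connection to 192.168.1.42 port 22: incorrect signature
EOF
}

sample_old_client | summarise_ssh_debug
sample_new_client | summarise_ssh_debug
```

Running the same summary on a host that connects and on one that does not shows at a glance whether they differ in key exchange, host key type or cipher.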

Harry Putnam

Nov 8, 2016, 8:08:25 AM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Tue, Nov 8, 2016 at 3:30 PM, Harry Putnam <rea...@newsguy.com> wrote:
> [...]
>> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
>> find it fails with what looks like the same problem but has slightly
>> different wording.
>
> I set up the same versions (server:OpenSSH_6.6p1, OpenSSL 1.0.1s 1
> Mar 2016, client: OpenSSH_7.3p1, OpenSSL 1.0.1s 1 Mar 2016) on Linux
> to try to reproduce it but failed.
>
> ./ssh -p 2022 -vvv -o ciphers=chacha20...@openssh.com -o
> kexalgorithms=diffie-hellman-group-exchange-sha256 localhost
> [...]
> debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
> debug1: kex: host key algorithm: ssh-ed25519
> debug1: kex: server->client cipher: chacha20...@openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20...@openssh.com MAC:
> <implicit> compression: none

From another post Darren Tucker wrote:

> > That's because the 6.4 client doesn't do the problematic
> > ssh-ed25519 host key algorithm. You'll probably see the same
> > thing with the newer clients if you set HostKeyAlgorithms in the
> > client's ssh_config like I suggested in my first reply (or
> > remove/rename the ed25519 host key file on the server, I think
> > that version is before you could set HostKeyAlgorithms).

I'm sorry if by not doing that I tied you up in this thread but I did
not understand how that would be done.

> Can you tell me more about the server? You said it's Solaris, but is
> it SPARC or x86? What OpenSSL version is it?

x86

uname -a SunOS 2x 5.11 oi_151a9 i86pc i386 i86pc

It is an offshoot of Oracle Solaris named OpenIndiana.

Running OpenSSH_6.6, OpenSSL 1.0.1u 22 Sep 2016.

Provided from the OpenCSW project that builds some solaris pkgs.

The last line of sshd_config must be the killer:
`kexAlgorithms diffie-hellman-group-exchange-sha1'

# grep -v '^#\|^$' /etc/ssh/sshd_config
Protocol 2
Port 22
ListenAddress ::
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel info
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes yes
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin yes
Subsystem sftp internal-sftp
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
kexAlgorithms diffie-hellman-group-exchange-sha1

------- ------- ---=--- ------- -------

Now having reinstalled ssh-7.3p1-r7 with gentoo's build patches
and with the:
`kexAlgorithms diffie-hellman-group-exchange-sha1'

line removed, it all works.
Does seem odd that several other ssh 6.6p1 on the lan had no trouble
connecting to 2x even with the kexAlgorithms line in its config.

Sorry about the line noise . . .

gv harry > ssh -vv 2x

OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016

[...]

debug1: Next authentication method: publickey
debug1: Trying private key: /home/harry/.ssh/id_rsa
debug1: Trying private key: /home/harry/.ssh/id_dsa
debug1: Trying private key: /home/harry/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password

Darren Tucker

Nov 8, 2016, 5:03:59 PM
to Harry Putnam, OpenSSH Devel List
On Wed, Nov 9, 2016 at 12:02 AM, Harry Putnam <rea...@newsguy.com> wrote:
> Darren Tucker <dtu...@zip.com.au> writes:
[...]
>> Can you tell me more about the server? You said it's Solaris, but is
>> it SPARC or x86? What OpenSSL version is it?
> uname -a SunOS 2x 5.11 oi_151a9 i86pc i386 i86pc
[...]
> Running OpenSSH_6.6, OpenSSL 1.0.1u 22 Sep 2016.

I built my 6.6p1 with OpenSSL 1.0.1u but still failed to reproduce the problem.

> Provided from the OpenCSW project that builds some solaris pkgs.
>
> The last line of sshd_config must be the killer:
> `kexAlgorithms diffie-hellman-group-exchange-sha1'

diffie-hellman-group-exchange-sha1 is one of the oldest kex methods
(>10 years) so I'm surprised that it is related to the problem.

There's still a problem in there somewhere, but at this stage I have
no idea where it is (openssh, openssl, libraries, compiler,
toolchain...)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Harry Putnam

Nov 8, 2016, 7:35:57 PM
to openssh-...@mindrot.org
Darren Tucker <dtu...@zip.com.au> writes:

> On Wed, Nov 9, 2016 at 12:02 AM, Harry Putnam <rea...@newsguy.com> wrote:
>> Darren Tucker <dtu...@zip.com.au> writes:
> [...]
>>> Can you tell me more about the server? You said it's Solaris, but is
>>> it SPARC or x86? What OpenSSL version is it?
>> uname -a SunOS 2x 5.11 oi_151a9 i86pc i386 i86pc
> [...]
>> Running OpenSSH_6.6, OpenSSL 1.0.1u 22 Sep 2016.
>
> I built my 6.6p1 with OpenSSL 1.0.1u but still failed to reproduce the problem.
>
>> Provided from the OpenCSW project that builds some solaris pkgs.
>>
>> The last line of sshd_config must be the killer:
>> `kexAlgorithms diffie-hellman-group-exchange-sha1'
>
> diffie-hellman-group-exchange-sha1 is one of the oldest kex methods
> (>10 years) so I'm surprised that it is related to the problem.
>
> There's still a problem in there somewhere, but at this stage I have
> no idea where it is (openssh, openssl, libraries, compiler,
> toolchain...)

I kind of hid some info in the message you are replying to above, below
the ssh -vv output. Maybe you didn't notice it.

After removing the diffie hellman line, (it was not in the sshd_config
as installed but something I had added way back) I was able to return
to 7.3_p1-r7 the gentoo modified version that started this thread with
no problems at all.

So for the benefit of any searchers who stumble across this thread,
removing that line seems to have removed the problem that was causing
my gentoo host to fail when connecting to my solaris host.

Now, I'm back where all lan hosts can talk to each other over ssh.

Thanks for helping me sort that out... I've been hassling with it for
a good while, and probably would have continued to stumble around a
good while longer without your clear thinking and guidance.