Hi All,
Today I upgraded a test system to F27. All went fine except that I'm having
some problems with the SSH server. Please help me solve this problem.
When trying to connect an OpenVMS system (yes, I know, only old ciphers
etc...) I get the following error:
sirba-jj) ssh foxtrot
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiatio
n failed.).
Running with verbose gives me:
sirba-jj) ssh -v foxtrot
debug(15-NOV-2017 15:30:55.04): Ssh2/SSH2.C:1896: CRTL version (SYS$SHARE:DECC$S
HR.EXE ident) is V8.4-00
debug(15-NOV-2017 15:30:55.22): SshAppCommon/SSHAPPCOMMON.C:313: Allocating glob
al SshRegex context.
debug(15-NOV-2017 15:30:55.26): SshConfig/SSHCONFIG.C:3482: Metaconfig parsing s
topped at line 4.
debug(15-NOV-2017 15:30:55.27): SshConfig/SSHCONFIG.C:890: Setting variable 'Ver
boseMode' to 'FALSE'.
debug(15-NOV-2017 15:30:55.28): SshConfig/SSHCONFIG.C:3390: Unable to open ssh2/
ssh2_config
debug(15-NOV-2017 15:30:55.32): Connecting to foxtrot, port 22... (SOCKS not use
d)
debug(15-NOV-2017 15:30:55.32): Ssh2/SSH2.C:2881: Entering event loop.
debug(15-NOV-2017 15:30:55.40): Ssh2Client/SSHCLIENT.C:1655: Creating transport
protocol.
debug(15-NOV-2017 15:30:55.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added
"hostbased" to usable methods.
debug(15-NOV-2017 15:30:55.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added
"publickey" to usable methods.
debug(15-NOV-2017 15:30:55.40): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added
"password" to usable methods.
debug(15-NOV-2017 15:30:55.40): Ssh2Client/SSHCLIENT.C:1696: Creating userauth p
rotocol.
debug(15-NOV-2017 15:30:55.40): client supports 3 auth methods: 'hostbased,publi
ckey,password'
debug(15-NOV-2017 15:30:55.41): SshUnixTcp/SSHUNIXTCP.C:1758: using local hostna
me hrem157.nano.tudelft.nl
debug(15-NOV-2017 15:30:55.41): Ssh2Common/SSHCOMMON.C:541: local ip = 131.180.1
16.37, local port = 49159
debug(15-NOV-2017 15:30:55.41): Ssh2Common/SSHCOMMON.C:543: remote ip = 131.180.
116.51, remote port = 22
debug(15-NOV-2017 15:30:55.41): SshConnection/SSHCONN.C:2584: Wrapping...
debug(15-NOV-2017 15:30:55.41): SshReadLine/SSHREADLINE.C:3662: Initializing Rea
dLine...
debug(15-NOV-2017 15:30:55.44): Remote version: SSH-2.0-OpenSSH_7.5
debug(15-NOV-2017 15:30:55.44): OpenSSH: Major: 7 Minor: 5 Revision: 0
debug(15-NOV-2017 15:30:55.44): Ssh2Transport/TRCOMMON.C:1857: All versions of O
penSSH handle kex guesses incorrectly.
debug(15-NOV-2017 15:30:55.44): Ssh2Transport/TRCOMMON.C:1935: Using Client orde
r for common key exchange algorithms.
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:1139: Sending packet wi
th type 2 to connection
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:1139: Sending packet wi
th type 20 to connection
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=2
0
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:2394: lang s to c: `',
lang c to s: `'
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:2410: Couldn't agree on
kex or hostkey alg. (chosen_kex = NULL, chosen_host_key = ssh-rsa)
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:1139: Sending packet wi
th type 2 to connection
debug(15-NOV-2017 15:30:55.45): Ssh2Transport/TRCOMMON.C:1139: Sending packet wi
th type 1 to connection
debug(15-NOV-2017 15:30:55.45): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received:
Algorithm negotiation failed.
debug(15-NOV-2017 15:30:55.45): SshReadLine/SSHREADLINE.C:3728: Uninitializing R
eadLine...
warning: Authentication failed.
debug(15-NOV-2017 15:30:55.45): Ssh2/SSH2.C:327: locally_generated = TRUE
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiatio
n failed.).
debug(15-NOV-2017 15:30:55.45): Ssh2Client/SSHCLIENT.C:1731: Destroying client.
debug(15-NOV-2017 15:30:55.46): SshConfig/SSHCONFIG.C:2888: Freeing pki. (host_p
ki != NULL, user_pki = NULL)
debug(15-NOV-2017 15:30:55.46): SshConnection/SSHCONN.C:2636: Destroying SshConn
object.
debug(15-NOV-2017 15:30:55.46): Ssh2Client/SSHCLIENT.C:1799: Destroying client c
ompleted.
debug(15-NOV-2017 15:30:55.46): SshAuthMethodClient/SSHAUTHMETHODC.C:109: Destro
ying authentication method array.
debug(15-NOV-2017 15:30:55.55): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global
SshRegex context.
debug(15-NOV-2017 15:30:55.55): SshConfig/SSHCONFIG.C:2888: Freeing pki. (host_p
ki = NULL, user_pki = NULL)
Seems that I have a problem with the ciphers, but I cannot figure out what
to change:
The ssh client on the OpenVMS side tells me it has the following ciphers:
Supported ciphers:
3des-cbc,aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,aes128-ctr,blowfish-cbc,twofish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,des-cbc@ssh.com,cast128-cbc,rc2-cbc@ssh.com,arcfour,none
Supported MAC algorithms:
hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,hmac-ripemd160@ssh.com,hmac-ripemd160-96@ssh.com,hmac-tiger128@ssh.com,hmac-tiger128-96@ssh.com,hmac-tiger160@ssh.com,hmac-tiger160-96@ssh.com,hmac-tiger192@ssh.com,hmac-tiger192-96@ssh.com,none
Looking on my Fedora 27 system (actually gives the same output as on a
working F26 system) I get
[root@foxtrot back-ends]# sshd -T |grep ciphers
/etc/ssh/sshd_config line 123: Deprecated option UsePrivilegeSeparation
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
[root@foxtrot back-ends]# sshd -T |grep hostkeyalg
/etc/ssh/sshd_config line 123: Deprecated option UsePrivilegeSeparation
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
[root@foxtrot back-ends]# sshd -T |grep macs
/etc/ssh/sshd_config line 123: Deprecated option UsePrivilegeSeparation
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96
[root@foxtrot back-ends]# sshd -T |grep kexalg
/etc/ssh/sshd_config line 123: Deprecated option UsePrivilegeSeparation
gssapikexalgorithms gss-gex-sha1-,gss-group14-sha1-
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
To me it looks like there are common ciphers available. So the question is
why I cannot connect.
Regards
Jouk
Pax, vel iniusta, utilior est quam iustissimum bellum.
(free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
Epistularum ad Atticum 7.1.4.3)
Touch not the cat bot a glove
------------------------------------------------------------------------------<
Jouk Jansen
joukj(a)hrem.nano.tudelft.nl
Technische Universiteit Delft
Kavli Institute of Nanoscience
Nationaal centrum voor HREM
Lorentzweg 1
2628 CJ Delft
Nederland
tel. 31-15-2782272
------------------------------------------------------------------------------<
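
Added example, not part of the original post: a Python check that applies the RFC 4253 selection rule (the first algorithm on the client's list that the server also lists) to the cipher and MAC lists quoted above, and reads the client's "Couldn't agree" debug line. The function names are hypothetical; the client's key-exchange list is not in the post, so that category is read from the debug line only.

```python
import re

def negotiate(client, server):
    """RFC 4253 section 7.1 rule: first name on the client's list the server also has."""
    server_set = set(server)
    return next((alg for alg in client if alg in server_set), None)

def parse_sshd_t(text, keys=("ciphers", "macs", "kexalgorithms", "hostkeyalgorithms")):
    """Turn `sshd -T` lines such as 'ciphers a,b,c' into {'ciphers': ['a', 'b', 'c']}."""
    found = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in keys:          # warnings and other keywords are skipped
            found[key] = value.split(",")
    return found

def parse_chosen(debug_log):
    """Read the client's 'Couldn't agree' line; NULL marks the category with no match."""
    m = re.search(r"chosen_kex = ([^,\s]+), chosen_host_key = ([^)\s]+)", debug_log)
    if m is None:
        return None
    kex, host_key = (None if v == "NULL" else v for v in m.groups())
    return {"kex": kex, "host_key": host_key}

def compare(client_lists, sshd_t_text):
    """Negotiate every category for which both sides' lists are known."""
    server = parse_sshd_t(sshd_t_text)
    return {k: negotiate(v, server[k]) for k, v in client_lists.items() if k in server}

# Sample input copied from the post above, unwrapped, with "(a)" restored to "@".
# The post gives no client kex list; add a "kexalgorithms" entry here to check it.
CLIENT = {
    "ciphers": ("3des-cbc,aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,"
                "aes128-ctr,blowfish-cbc,twofish-cbc,twofish256-cbc,twofish192-cbc,"
                "twofish128-cbc,des-cbc@ssh.com,cast128-cbc,rc2-cbc@ssh.com,arcfour,none"
                ).split(","),
    "macs": ("hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha256@ssh.com,"
             "hmac-sha256-96@ssh.com,hmac-ripemd160@ssh.com,none").split(","),  # first entries
}
SSHD_T = """\
/etc/ssh/sshd_config line 123: Deprecated option UsePrivilegeSeparation
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
"""
DEBUG = "Couldn't agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host_key = ssh-rsa)"

if __name__ == "__main__":
    print(compare(CLIENT, SSHD_T))
    print(parse_chosen(DEBUG))
```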