Date: Tue, 12 Mar 2019 06:02:07 -0400
From: Philip Webb
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Ssh problem : half-solved
Message-ID: <20190312100207.GO1934@ca.inter.net>

190311 Neil Bothwick wrote:
> Do you have any other Host stanzas in the config?

No : /etc/ssh/ssh_config has the following uncommented lines :

  # Send locale environment variables. #367017
  SendEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE

  # Send COLORTERM to match TERM. #658540
  SendEnv COLORTERM

  # PP 190312
  Host 128.100.160.1
  KexAlgorithms +diffie-hellman-group1-sha1
  # Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

I tried adding the 'Ciphers' line, which is mentioned in the I/net page,
but Ssh chokes, so I commented it again :

  528: ~> ssh -v chass.utoronto.ca
  OpenSSH_7.9p1, OpenSSL 1.0.2r 26 Feb 2019
  debug1: Reading configuration data /home/purslow/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  /etc/ssh/ssh_config line 57: Bad SSH2 cipher spec '3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr'.

> Check both config files for conflicts

~/.ssh/config has :

  Host 128.100.160.1
  KexAlgorithms +diffie-hellman-group1-sha1

The latest output ('538' above) shows that it reads ~/.ssh/config ,
but apparently doesn't find what it wants there
& therefore goes on to /etc/ssh/ssh_config , on which it chokes.
Without the 'Cipher' line in the latter, it carries on with the handshake,
but eventually can't do the key exchange.

I've just looked at the USE flags :

  root:528 ssh> eix net-misc/openssh
  Available versions: 7.5_p1-r4 7.7_p1-r9^t 7.9_p1-r4^t {X X509 audit bindist debug (+)hpn kerberos ldap ldns libedit libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test ABI_MIPS="n32" KERNEL="linux"}
  Installed versions: 7.9_p1-r4^t([2019-03-09 22:25:11])(X ssl -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp -selinux -static -test ABI_MIPS="-n32" KERNEL="linux")

NB Eix shows a Use flag 'ssh1', which Euses describes as :

  net-misc/openssh:ssh1 - Support the legacy/weak SSH1 protocol

That looks as if it sb enabled, but when I try to enable it,
it's available only for the oldest version :

  root:529 ssh> USE="ssh1" emerge -pv =openssh-7.5_p1-r4
  Calculating dependencies... done!
  [ebuild UD] net-misc/openssh-7.5_p1-r4::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldap% -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssh1%* ssl -static -test"

  root:530 ssh> USE="ssh1" emerge -pv =openssh-7.7_p1-r9
  Calculating dependencies... done!
  [ebuild UD] net-misc/openssh-7.7_p1-r9::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssl -static -test"

  root:531 ssh> USE="ssh1" emerge -pv =openssh-7.9_p1-r4
  Calculating dependencies... done!
  [ebuild R] net-misc/openssh-7.9_p1-r4::gentoo USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) ssl -static -test"

Can anyone offer further advice ?  -- Thanks so far.

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
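
Added example, not part of the original message: a check for which names in a Ciphers or KexAlgorithms value the local client does not recognise, the condition behind a "Bad SSH2 cipher spec" error. OpenSSH 7.6 removed the blowfish ciphers and SSH protocol 1 support. The helper name unsupported_algos and the SAMPLE_CIPHERS list are constructed for illustration; on a real system the second argument would be "$(ssh -Q cipher)" or "$(ssh -Q kex)".

```shell
#!/bin/sh
# Added example (not from the original message): list the names in an
# ssh_config algorithm value that the local OpenSSH client does not know.

# Constructed sample standing in for `ssh -Q cipher` output on a client
# that no longer ships blowfish. Replace with "$(ssh -Q cipher)" locally.
SAMPLE_CIPHERS='3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# unsupported_algos LIST SUPPORTED   (hypothetical helper name)
#   LIST      comma-separated value as written after Ciphers/KexAlgorithms
#   SUPPORTED newline-separated algorithm names the client accepts
# Prints each unrecognised name on its own line; prints nothing if all are known.
unsupported_algos() {
    list=$1
    supported=$2
    # A leading + (append to defaults) or - (remove from defaults) is a
    # modifier, not part of the first algorithm name, so strip it.
    case $list in
        +*|-*) list=${list#?} ;;
    esac
    old_ifs=$IFS
    IFS=,
    for name in $list; do
        IFS=$old_ifs
        # -x: whole-line match, -F: literal (names contain '.' and '@')
        if ! printf '%s\n' "$supported" | grep -qxF -e "$name"; then
            printf '%s\n' "$name"
        fi
    done
    IFS=$old_ifs
}

# The Ciphers value quoted in the message, checked against the sample list.
unsupported_algos '3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr' "$SAMPLE_CIPHERS"
```

One unknown name is enough for ssh to reject the whole line, so the output identifies what has to be dropped before the remaining legacy ciphers can be offered to the one host that needs them.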