From: Philip Webb
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Ssh problem : half-solved
Date: Tue, 12 Mar 2019 10:32:51 -0400

190312 Mick wrote:
> On Tuesday, 12 March 2019 10:02:07 GMT Philip Webb wrote:
>> I tried adding the 'Ciphers' line, which is mentioned in the I/net page,
>> but Ssh chokes, so I commented it again :
> The ciphers do not come into play
> until the key exchange algos have been agreed upon.
> In your case the handshake does not reach this far
> and therefore you do not need (yet) to specify any additional ciphers.
> The server problem is still with the KexAlgorithms.

Yes, that seems sensible.

>> NB Eix shows a Use flag 'ssh1', which Euses describes as :
>> net-misc/openssh:ssh1 - Support the legacy/weak SSH1 protocol
> If you watch The Matrix, a 20 year old film,
> you will see why ssh version 1 should be disabled by default
> or the machine on which it is enabled isolated from the Internet.
> I suggest you remove all settings for Host 128.100.160.1
> from the /etc/ssh/ssh_config file
> and place them in your ~/.ssh/config file only.
> Then run : 'ssh -v 128.100.160.1'

Progress, but still a puzzle.
I commented the lines in /etc/... & when I use the IP, not the URL,
the connection goes thro' ; when I use the URL, it still doesn't.
Here's the output :

561: ~> ssh -v 128.100.160.1
OpenSSH_7.9p1, OpenSSL 1.0.2r 26 Feb 2019
debug1: Reading configuration data /home/purslow/.ssh/config
debug1: /home/purslow/.ssh/config line 1: Applying options for 128.100.160.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 128.100.160.1 [128.100.160.1] port 22.
debug1: Connection established.
debug1: identity file /home/purslow/.ssh/id_rsa type -1
debug1: identity file /home/purslow/.ssh/id_rsa-cert type -1
debug1: identity file /home/purslow/.ssh/id_dsa type -1
debug1: identity file /home/purslow/.ssh/id_dsa-cert type -1
debug1: identity file /home/purslow/.ssh/id_ecdsa type -1
debug1: identity file /home/purslow/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/purslow/.ssh/id_ed25519 type -1
debug1: identity file /home/purslow/.ssh/id_ed25519-cert type -1
debug1: identity file /home/purslow/.ssh/id_xmss type -1
debug1: identity file /home/purslow/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH_3.* compat 0x01000002
debug1: Authenticating to 128.100.160.1:22 as 'purslow'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:QrYQ/7OU5PUyPucvn/Yxj7/xLmsOH/tqfBGaocfSuaw
debug1: Host '128.100.160.1' is known and matches the RSA host key.
debug1: Found key in /home/purslow/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/purslow/.ssh/id_rsa
debug1: Will attempt key: /home/purslow/.ssh/id_dsa
debug1: Will attempt key: /home/purslow/.ssh/id_ecdsa
debug1: Will attempt key: /home/purslow/.ssh/id_ed25519
debug1: Will attempt key: /home/purslow/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/purslow/.ssh/id_rsa
debug1: Trying private key: /home/purslow/.ssh/id_dsa
debug1: Trying private key: /home/purslow/.ssh/id_ecdsa
debug1: Trying private key: /home/purslow/.ssh/id_ed25519
debug1: Trying private key: /home/purslow/.ssh/id_xmss
debug1: Next authentication method: password
purslow@128.100.160.1's password:

> and check for a line like this:
> debug1: Reading configuration data /home/purslow/.ssh/config
> debug1: /home/purslow/.ssh/config line xx: Applying options for 128.100.160.1
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 128.100.160.1 ... blah-blah

As you can see, that's what I got above.

> This will show you if ~/.ssh/config is being sourced,
> if the lines you have specified for Host 128.100.160.1 therein
> are being parsed by ssh and if the connection is attempted.
> The line which should come next is:
> debug1: Connection established.

There it is.

> which will be followed with algos and ciphers exchange.

As above.

> HTH.

Indeed, but not in the way you intended.
So why does IP vs URL make a difference ??

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
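
Added example, not part of the original message: a simplified Python model of how ssh_config `Host` blocks are selected. OpenSSH matches `Host` patterns against the name typed on the command line, so a block written for `128.100.160.1` is not applied when the same server is reached by its hostname. The config text and the hostname `legacy.example.org` are constructed placeholders; the thread shows neither.

```python
import re

# Constructed config modelled on the thread: a legacy key-exchange algorithm
# enabled for one host only. The thread does not show the real file.
IP_ONLY = """\
Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group-exchange-sha1
Host *
    ServerAliveInterval 60
"""
# Same config, with the (placeholder) hostname added to the Host line.
BOTH_NAMES = IP_ONLY.replace("Host 128.100.160.1",
                             "Host 128.100.160.1 legacy.example.org")


def _matches(pattern, name):
    # ssh_config wildcards: '*' is any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name) is not None


def host_applies(patterns, name):
    # A Host block applies when a positive pattern matches and no
    # negated ('!pattern') entry on the same line matches.
    if any(_matches(p[1:], name) for p in patterns if p.startswith("!")):
        return False
    return any(_matches(p, name) for p in patterns if not p.startswith("!"))


def effective_options(config_text, typed_name):
    """Options picked up for the name exactly as typed after 'ssh'."""
    opts, active = {}, True  # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_applies(value.split(), typed_name)
        elif active:
            opts.setdefault(key, value)  # first value obtained wins
    return opts


if __name__ == "__main__":
    for name in ("128.100.160.1", "legacy.example.org"):
        print(name, effective_options(IP_ONLY, name))
    print("fixed:", effective_options(BOTH_NAMES, "legacy.example.org"))
```

Listing both the address and the name on one `Host` line keeps the legacy algorithm scoped to that single server rather than enabling it under `Host *`.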