| 1 |
190311 Neil Bothwick wrote: |
| 2 |
> Do you have any other Host stanzas in the config? |
| 3 |
|
| 4 |
No : /etc/ssh/ssh_config has the following uncommented lines : |
| 5 |
|
| 6 |
# Send locale environment variables. #367017 |
| 7 |
SendEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE |
| 8 |
# Send COLORTERM to match TERM. #658540 |
| 9 |
SendEnv COLORTERM |
| 10 |
# PP 190312 |
| 11 |
Host 128.100.160.1 |
| 12 |
KexAlgorithms +diffie-hellman-group1-sha1 |
| 13 |
# Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr |
| 14 |
|
| 15 |
I tried adding the 'Ciphers' line, which is mentioned in the I/net page, |
| 16 |
but Ssh chokes, so I commented it again : |
| 17 |
|
| 18 |
528: ~> ssh -v chass.utoronto.ca |
| 19 |
OpenSSH_7.9p1, OpenSSL 1.0.2r 26 Feb 2019 |
| 20 |
debug1: Reading configuration data /home/purslow/.ssh/config |
| 21 |
debug1: Reading configuration data /etc/ssh/ssh_config |
| 22 |
/etc/ssh/ssh_config line 57: Bad SSH2 cipher spec '3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr'. |
| 23 |
|
| 24 |
> Check both config files for conflicts |
| 25 |
|
| 26 |
~/.ssh/config has : |
| 27 |
|
| 28 |
Host 128.100.160.1 |
| 29 |
KexAlgorithms +diffie-hellman-group1-sha1 |
| 30 |
|
| 31 |
The latest output ('538' above) shows that it reads ~/.ssh/config , |
| 32 |
but apparently doesn't find what it wants there |
| 33 |
& therefore goes on to /etc/ssh/ssh_config , on which it chokes. |
| 34 |
Without the 'Cipher' line in the latter, it carries on with the handshake, |
| 35 |
but eventually can't do the key exchange. |
| 36 |
|
| 37 |
I've just looked at the USE flags : |
| 38 |
|
| 39 |
root:528 ssh> eix net-misc/openssh |
| 40 |
Available versions: 7.5_p1-r4 7.7_p1-r9^t 7.9_p1-r4^t {X X509 audit bindist debug (+)hpn kerberos ldap ldns libedit libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test ABI_MIPS="n32" KERNEL="linux"} |
| 41 |
Installed versions: 7.9_p1-r4^t([2019-03-09 22:25:11])(X ssl -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp -selinux -static -test ABI_MIPS="-n32" KERNEL="linux") |
| 42 |
|
| 43 |
NB Eix shows a Use flag 'ssh1', which Euses describes as : |
| 44 |
|
| 45 |
net-misc/openssh:ssh1 - Support the legacy/weak SSH1 protocol |
| 46 |
|
| 47 |
That looks as if it sb enabled, but when I try to enable it, |
| 48 |
it's available only for the oldest version : |
| 49 |
|
| 50 |
root:529 ssh> USE="ssh1" emerge -pv =openssh-7.5_p1-r4 |
| 51 |
|
| 52 |
Calculating dependencies... done! |
| 53 |
[ebuild UD] net-misc/openssh-7.5_p1-r4::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldap% -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssh1%* ssl -static -test" |
| 54 |
|
| 55 |
root:530 ssh> USE="ssh1" emerge -pv =openssh-7.7_p1-r9 |
| 56 |
|
| 57 |
Calculating dependencies... done! |
| 58 |
[ebuild UD] net-misc/openssh-7.7_p1-r9::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssl -static -test" |
| 59 |
|
| 60 |
root:531 ssh> USE="ssh1" emerge -pv =openssh-7.9_p1-r4 |
| 61 |
|
| 62 |
Calculating dependencies... done! |
| 63 |
[ebuild R] net-misc/openssh-7.9_p1-r4::gentoo USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) ssl -static -test" |
| 64 |
|
| 65 |
Can anyone offer further advice ? -- Thanks so far. |
| 66 |
|
| 67 |
-- |
| 68 |
========================,,============================================ |
| 69 |
SUPPORT ___________//___, Philip Webb |
| 70 |
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto |
| 71 |
TRANSIT `-O----------O---' purslowatchassdotutorontodotca |
Archives