Hi Philip,

On Tuesday, 12 March 2019 10:02:07 GMT Philip Webb wrote:
> 190311 Neil Bothwick wrote:
> > Do you have any other Host stanzas in the config?
>
> No : /etc/ssh/ssh_config has the following uncommented lines :
>
> # Send locale environment variables. #367017
> SendEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC
> LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME
> LC_PAPER LC_TELEPHONE # Send COLORTERM to match TERM. #658540
> SendEnv COLORTERM
> # PP 190312
> Host 128.100.160.1
> KexAlgorithms +diffie-hellman-group1-sha1
> # Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
>
> I tried adding the 'Ciphers' line, which is mentioned in the I/net page,
> but Ssh chokes, so I commented it again :

The ciphers do not come into play until the key exchange algos have been
agreed upon. In your case the handshake does not reach this far and therefore
you do not need (yet) to specify any additional ciphers. The server problem
is still with the KexAlgorithms.

> ~/.ssh/config has :
>
> Host 128.100.160.1
> KexAlgorithms +diffie-hellman-group1-sha1
>
> The latest output ('538' above) shows that it reads ~/.ssh/config ,
> but apparently doesn't find what it wants there
> & therefore goes on to /etc/ssh/ssh_config , on which it chokes.
> Without the 'Cipher' line in the latter, it carries on with the handshake,
> but eventually can't do the key exchange.
>
> I've just looked at the USE flags :
>
> root:528 ssh> eix net-misc/openssh
> Available versions: 7.5_p1-r4 7.7_p1-r9^t 7.9_p1-r4^t {X X509 audit
> bindist debug (+)hpn kerberos ldap ldns libedit libressl livecd pam +pie
> sctp selinux skey ssh1 +ssl static test ABI_MIPS="n32" KERNEL="linux"}
> Installed versions: 7.9_p1-r4^t([2019-03-09 22:25:11])(X ssl -X509 -audit
> -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie
> -sctp -selinux -static -test ABI_MIPS="-n32" KERNEL="linux")
>
> NB Eix shows a Use flag 'ssh1', which Euses describes as :
>
> net-misc/openssh:ssh1 - Support the legacy/weak SSH1 protocol

If you watch The Matrix, a 20 year old film, you will see why ssh version 1
should be disabled by default, or the machine on which it is enabled isolated
from the Internet.


> Can anyone offer further advice ? -- Thanks so far.

I suggest you remove all settings for Host 128.100.160.1 from the
/etc/ssh/ssh_config file and place them in your ~/.ssh/config file only.
Then run ssh:

ssh -v 128.100.160.1

and check for a line like this:

debug1: Reading configuration data /home/purslow/.ssh/config
debug1: /home/purslow/.ssh/config line xx: Applying options for 128.100.160.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 128.100.160.1 ... blah-blah

This will show you if ~/.ssh/config is being sourced, if the lines you have
specified for Host 128.100.160.1 therein are being parsed by ssh and if the
connection is attempted.

The line which should come next is:

debug1: Connection established.

which will be followed with algos and ciphers exchange.

HTH.
--
Regards,
Mick
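
The checks described in the reply above, as an added example that is not part of the original message: a shell function that reads saved `ssh -v` output and reports the first check that fails, or whether negotiation stopped at the key exchange or at the ciphers. The names `ssh_stage`, `sample_no_stanza` and `sample_cipher_fail` are hypothetical, and both sample logs are constructed for illustration.

```shell
# Added example. Reads `ssh -v HOST 2>&1` output on stdin and reports the
# first check from the reply above that fails, or how negotiation ended.
ssh_stage() {
    host=$1
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -q -- "$1"; }
    offer() { printf '%s\n' "$log" | sed -n "s/.*no matching $1 found\. Their offer: //p"; }
    has 'debug1: Reading configuration data .*/\.ssh/config' ||
        { echo 'user-config-not-read'; return; }
    # The last field of an "Applying options" line is the Host pattern that matched.
    printf '%s\n' "$log" | awk -v h="$host" '
        /\/\.ssh\/config line [0-9]+: Applying options for / && ($NF "") == (h "") { f = 1 }
        END { exit !f }' || { echo 'host-stanza-not-applied'; return; }
    has 'debug1: Connection established\.' || { echo 'not-connected'; return; }
    if has 'no matching key exchange method found'; then
        echo "kex-failed: $(offer 'key exchange method')"   # KEX is negotiated first
    elif has 'no matching cipher found'; then
        echo "cipher-failed: $(offer cipher)"               # only reached once KEX is agreed
    elif has 'debug1: kex: server->client cipher:'; then
        echo 'negotiated'
    else
        echo 'connected-negotiation-incomplete'
    fi
}

# Constructed sample: ~/.ssh/config is read but no Host stanza in it matches.
sample_no_stanza() { cat <<'EOF'
debug1: Reading configuration data /home/purslow/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 128.100.160.1 [128.100.160.1] port 22.
debug1: Connection established.
Unable to negotiate with 128.100.160.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
EOF
}

# Constructed sample: the stanza applies and KEX is agreed, then the ciphers fail.
sample_cipher_fail() { cat <<'EOF'
debug1: Reading configuration data /home/purslow/.ssh/config
debug1: /home/purslow/.ssh/config line 1: Applying options for 128.100.160.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 128.100.160.1 [128.100.160.1] port 22.
debug1: Connection established.
debug1: kex: algorithm: diffie-hellman-group1-sha1
Unable to negotiate with 128.100.160.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc
EOF
}

sample_no_stanza   | ssh_stage 128.100.160.1
sample_cipher_fail | ssh_stage 128.100.160.1
```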