OpenSSH/SSH2 incompatibility

To: debian-user@lists.debian.org
Subject: OpenSSH/SSH2 incompatibility
From: Ryan Sackenheim <ryan.sackenheim@viox-services.com>
Date: Tue, 9 Oct 2001 16:09:48 -0500
Message-id: <[🔎] 20011009160948.A8272@viox-services.com>

Yesterday when I upgraded Woody, I suddenly found myself unable to SSH
to the various machines on the network with the proprietary SSH2
servers.  Has there been a change in the ssh package that has an
incompatibility to SSH2?  

I am able to log into those machines with my local account password,
but I am unable to use my public keys.  I've tried creating them with
rsa, and dsa, and I've tried to force SSH version 1, but to no avail.
The permissions are correct on the keys in the .ssh directory.
Everything was working until the last upgrade yesterday (10/08/01).

Here's some debugging output:

---- client ----
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 185/384
debug1: bits set: 493/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /home/sackenheimr/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 4
debug3: check_host_in_hostfile: filename /home/sackenheimr/.ssh/known_hosts2
debug3: check_host_in_hostfile: match line 4
debug1: Host 'ewatch' is known and matches the DSA host key.
debug1: Found key in /home/sackenheimr/.ssh/known_hosts2:4
debug1: bits set: 525/1024
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /home/sackenheimr/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug1: try pubkey: /home/sackenheimr/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
sackenheimr@ewatch's password: 


--- server ---
sshd[4465]: connection from "192.168.1.86"
debug: Sshd2/sshd2.c:579/new_connection_callback: new_connection_callback
debug: Sshd2/sshd2.c:732/new_connection_callback: Wrapping stream with ssh_server_wrap...
debug: ssh_server_wrap: creating transport protocol
debug: SshAuthMethodServer/sshauthmethods.c:113/ssh_server_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodServer/sshauthmethods.c:113/ssh_server_authentication_initialize: Added "password" to usable methods.
debug: ssh_server_wrap: creating userauth protocol
debug: Ssh2Common/sshcommon.c:502/ssh_common_wrap: local ip = 192.168.1.19, local port = 22
debug: Ssh2Common/sshcommon.c:504/ssh_common_wrap: remote ip = 192.168.1.86, remote port = 1905
debug: Ssh2Common/sshcommon.c:390/ssh_common_finalize: DNS lookup failed. Using host-IP-number ("192.168.1.86") as hostname.
sshd[4465]: DNS lookup failed for "192.168.1.86".
debug: SshConnection/sshconn.c:1866/ssh_conn_wrap: Wrapping...
debug: Sshd2/sshd2.c:743/new_connection_callback: done.
debug: new_connection_callback returning
debug: Ssh2Transport/trcommon.c:599/ssh_tr_input_version: Remote version: SSH-2.0-OpenSSH_2.9p2
debug: Ssh2Transport/trcommon.c:789/ssh_tr_input_version: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1120/ssh_tr_negotiate: c_to_s: cipher 3des-cbc, mac hmac-md5, compression none
debug: Ssh2Transport/trcommon.c:1123/ssh_tr_negotiate: s_to_c: cipher 3des-cbc, mac hmac-md5, compression none
debug: Sshd2/sshd2.c:349/auth_policy_proc: user 'sackenheimr' service 'ssh-connection' client_ip '192.168.1.86' client_port '1905' completed ''
debug: Sshd2/sshd2.c:476/auth_policy_proc: output: publickey,password



Any ideas?

Thanks,

-Ryan

Reply to:

Follow-Ups:
- Re: OpenSSH/SSH2 incompatibility
  - From: Osamu Aoki <debian@aokiconsulting.com>

Prev by Date: Re: Can I convert an ext2 fs to Resierfs?
Next by Date: Re: Debian GNU/Linux as email & DNS server
Previous by thread: Starting X early
Next by thread: Re: OpenSSH/SSH2 incompatibility
Index(es):
- Date
- Thread