
Re: Haven't seen this ssh output before



Jochen Spieker <ml@well-adjusted.de> writes:

> Harry Putnam:
>> 
>> harry-on-REMOTE-sol > ssh REMOTE-deb
>> 
>>    no common kex alg: client
>>    'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1',
>>    server   
>>    'curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'

> This means client and server couldn't agree on a key exchange
> algorithm. If you compare the client's and the server's list you will
> notice they have nothing in common.

Seems odd that it should fail then since I'm not using a key based
access.  Just password.  Perhaps I don't understand how ssh works.

> What flavor of Debian is the remote host running? The package
> openssh-server from unstable has this more or less recent changelog
> entry:

The first line of OP mentions that I'm running `jessie'.

>
> openssh (1:6.7p1-1) unstable; urgency=medium
>
>   * New upstream release (http://www.openssh.com/txt/release-6.7):
>     - sshd(8): The default set of ciphers and MACs has been altered to
>       remove unsafe algorithms.  In particular, CBC ciphers and arcfour* are
>       disabled by default.  The full set of algorithms remains available if
>       configured explicitly via the Ciphers and MACs sshd_config options.
> …
>  -- Colin Watson <cjwatson@debian.org>  Thu, 09 Oct 2014 14:05:56 +0100

Thanks for the useful input... I'm now trying to investigate some way
to get these two versions to comply with each other....

-------       -------       ---=---       -------       ------- 

Hard to believe that I haven't `full-upgraded' in over a month but
apparently it is the case.

It seems none of the client list from error output are mentioned as
being an unsafe alg., but yet it fails.

Seems unreasonable to put such a weak clue in the changelog... neither
sshd_config on REMOTE or LOCAL have any mention of such options.

I would assume that wheezy has the same version of openssh installed eh?

I'm not at all clear on how one would go about making an adjustment in
sshd_config to allow the algs used by my REMOTE-sol to be recognized.

REMOTE-sol does not appear to be using OpenSSH .. maybe a solaris
version of SSH.  

In light of the comments above; if you have any more info on this and
have the time... please post.
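
Added example (not part of the original message): the list comparison described in the thread, done in code. It parses both lists from the error text, applies the SSH selection rule for key exchange (RFC 4253 section 7.1, simplified here to "the first algorithm on the client's list that the server also offers"), and builds a KexAlgorithms line for sshd_config. KexAlgorithms is the sshd_config option for this list and is not mentioned in the thread; appending diffie-hellman-group-exchange-sha1 is an assumption made for illustration.

```python
import re

# Constructed from the error text quoted in the message above.
ERROR = (
    "no common kex alg: client "
    "'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', "
    "server "
    "'curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group14-sha1'"
)


def parse_kex_error(text):
    """Return (client_algs, server_algs) from a 'no common kex alg' message."""
    m = re.search(r"client\s+'([^']*)',\s*server\s+'([^']*)'", text)
    if m is None:
        raise ValueError("not a 'no common kex alg' message")

    def split(s):
        return [a.strip() for a in s.split(",") if a.strip()]

    return split(m.group(1)), split(m.group(2))


def negotiate(client, server):
    """First algorithm in the client's order that the server also offers."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def kex_line(server, extra):
    """sshd_config line: keep the server's current list, append the extras."""
    merged = server + [a for a in extra if a not in server]
    return "KexAlgorithms " + ",".join(merged)


if __name__ == "__main__":
    client, server = parse_kex_error(ERROR)
    print("agreed on:", negotiate(client, server))  # nothing in common
    # Assumption: the server admin chooses to accept this one client algorithm.
    extra = ["diffie-hellman-group-exchange-sha1"]
    print("agreed on:", negotiate(client, server + extra))
    print(kex_line(server, extra))
```

Key exchange is negotiated before any user authentication takes place, so the same check applies whether the login uses a password or a key.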



