Re: a dh keys question?

To: debian-user@lists.debian.org
Subject: Re: a dh keys question?
From: Dan Purgert <dan@djph.net>
Date: Thu, 2 Aug 2018 00:28:55 -0000 (UTC)
Message-id: <[🔎] slrnpm4k27.krt.dan@xps-linux.djph.net>
References: <Pine.LNX.4.64.1807311128590.26432@server2.shellworld.net> <20180731155743.jex75ctoeot43g57@randomstring.org> <[🔎] bf53281f-e7c1-e511-68bc-0a1c059e8aec@walnut.gen.nz> <[🔎] slrnpm3255.krt.dan@xps-linux.djph.net> <[🔎] Pine.LNX.4.64.1808011438560.5966@server2.shellworld.net> <[🔎] E31A3A18-1388-4955-A3AC-0786FD35ED77@djph.net> <[🔎] 20180801203511.xuobaj6t7c4rgiv7@randomstring.org> <[🔎] Pine.LNX.4.64.1808011744250.10215@server2.shellworld.net>

Karen Lewellen wrote:
> Hi,
>
> On Wed, 1 Aug 2018, Dan Ritter wrote:
>
>> She's been asked for logs and exact error message several times
>> now, and has not provided any.
> That is because according to the locations I am trying to visit, i. e. 
> our organizations new server with pair network,  my attempts are not 
> producing logs at all.

The output when you run the command "ssh -vv" is the log information
that we're asking for.  It's spit out right there on your stderr.  You
can then copy/paste that into a message for us to read.

Now, if you're not using the (linux) command-line ssh client, it would
be kind of a good idea to tell us this information (if you already did,
I apologize, as I missed it).

> [...]
> Remote host closed connection
> DH Key exchange failed
> remote reset connection.
> that is all I am getting .
> As for my comment in another post about the fastest solution, that refers 
> to finding a hosting company for our office that provides server  access 
> that does not use port 22.

Using a port other than 22 has absolutely zero to do with the
diffie-hellman error you are receiving.  If you would run the ssh
commands with higher verbosity (IIRC, minimally "-vv"), you would see
the actual error.

If you feel like testing this assertion out, feel free to ssh as
karen@djph.net. Also try karen@djph.net:2022 (both are non-existant
accounts).

Both ports forward to the same relatively modern server (ssh version
6.7p1+), and I fully expect you to get the error:
    "Permission Denied (publickey)"

Although, that being said, they are also running pretty limited sets of
allowed ciphers/kexalgos/micalgs ... so if it is indeed your client that
is old, you may get some other error, such as a Diffie-Hellman
out-of-range error.

Again, the proper minimal command to get the full logs for review would be 

    ssh -vv karen@djph.net

or

    ssh -vv -p 2022 karen@djph.net

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply to:

Follow-Ups:
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>

References:
- Re: a dh keys question?
  - From: Richard Hector <richard@walnut.gen.nz>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>
- Re: a dh keys question?
  - From: Dan Purgert <dan@djph.net>
- Re: a dh keys question?
  - From: Dan Ritter <dsr@randomstring.org>
- Re: a dh keys question?
  - From: Karen Lewellen <klewellen@shellworld.net>

Prev by Date: Re: Set the MTU on the interface
Next by Date: Re: a dh keys question?
Previous by thread: Re: a dh keys question?
Next by thread: Re: a dh keys question?
Index(es):
- Date
- Thread