Re: a dh keys question?

[Karen Lewellen <klewellen@shellworld.net>]

1.
I am not using Linux, but an ssh client compiled from a combination of 
tools, Linux and otherwise, including putty.
I have been very firm in not stating that I use Linux at all.
In fact the first sentence of my question stated that while the issue is 
complex, the question, where dh keys are generated, was simple.
2. I can state firmly that the port number  has absolutely a great  deal 
to do with my issue.
best evidence?  your getting this e-mail at all.
I am writing using a shell service that uses Ubuntu 16.04 as its 
platform...same as dreamhost.
we do not use port 22 here, and I can use my ssh client to reach my 
workspace..doing such as we speak..
Likewise  an associate who hosts their  own servers created a temp account 
for   me, using port 4460...worked perfectly.
I respect other factors might  be involved, but my goal is the swiftest 
solution that lets us move our services from dreamhost somewhere else to 
which I can ssh from my desktop.
If choosing a location with a port other than 22 solves the issue, it is 
good enough for me.
Karen



On Thu, 2 Aug 2018, Dan Purgert wrote:

> Karen Lewellen wrote:
> > Hi,
> >
> > On Wed, 1 Aug 2018, Dan Ritter wrote:
> >
> > > She's been asked for logs and exact error message several times
> > > now, and has not provided any.
> > That is because according to the locations I am trying to visit, i. e.
> > our organizations new server with pair network,  my attempts are not
> > producing logs at all.
>
> The output when you run the command "ssh -vv" is the log information
> that we're asking for.  It's spit out right there on your stderr.  You
> can then copy/paste that into a message for us to read.
>
> Now, if you're not using the (linux) command-line ssh client, it would
> be kind of a good idea to tell us this information (if you already did,
> I apologize, as I missed it).
>
> > [...]
> > Remote host closed connection
> > DH Key exchange failed
> > remote reset connection.
> > that is all I am getting .
> > As for my comment in another post about the fastest solution, that refers
> > to finding a hosting company for our office that provides server  access
> > that does not use port 22.
>
> Using a port other than 22 has absolutely zero to do with the
> diffie-hellman error you are receiving.  If you would run the ssh
> commands with higher verbosity (IIRC, minimally "-vv"), you would see
> the actual error.
>
> If you feel like testing this assertion out, feel free to ssh as
> karen@djph.net. Also try karen@djph.net:2022 (both are non-existant
> accounts).
>
> Both ports forward to the same relatively modern server (ssh version
> 6.7p1+), and I fully expect you to get the error:
>    "Permission Denied (publickey)"
>
> Although, that being said, they are also running pretty limited sets of
> allowed ciphers/kexalgos/micalgs ... so if it is indeed your client that
> is old, you may get some other error, such as a Diffie-Hellman
> out-of-range error.
>
> Again, the proper minimal command to get the full logs for review would be
>
>    ssh -vv karen@djph.net
>
> or
>
>    ssh -vv -p 2022 karen@djph.net
>
>
> --
> |_|O|_| Registered Linux user #585947
> |_|_|O| Github: https://github.com/dpurgert
> |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281