From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from forward500p.mail.yandex.net (forward500p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:110]) by sourceware.org (Postfix) with ESMTPS id 957A93857034 for ; Thu, 31 Mar 2022 20:05:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 957A93857034 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=yandex.ru Received: from sas8-725cda28fc94.qloud-c.yandex.net (sas8-725cda28fc94.qloud-c.yandex.net [IPv6:2a02:6b8:c1b:2a8f:0:640:725c:da28]) by forward500p.mail.yandex.net (Yandex) with ESMTP id 4A412F0166D; Thu, 31 Mar 2022 23:05:02 +0300 (MSK) Received: from sas2-1cbd504aaa99.qloud-c.yandex.net (sas2-1cbd504aaa99.qloud-c.yandex.net [2a02:6b8:c14:7101:0:640:1cbd:504a]) by sas8-725cda28fc94.qloud-c.yandex.net (mxback/Yandex) with ESMTP id ISUXDIEIr4-51fu1cvM; Thu, 31 Mar 2022 23:05:02 +0300 X-Yandex-Fwd: 2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1648757102; bh=j8fr2yFwTZpybcOnm5EOhIVJZjQLKjlvU5rT2suYMLM=; h=In-Reply-To:Subject:To:From:Message-ID:References:Date:Reply-To; b=Tp5QY2UhUHyihmwUW4/ebBiaWRIp317N78tgM9FJPK7TO/oFaRXVrAlmiFks7T09y W7FkdKwZeVZR1oVj+meDl1SrS3qkjDxAeinPwEXJeYEJOnAT/5+N5SYQv52+xYzJ6H l4PuayuyP/HSxgYo7EuDY5g0K1I8CM6VP6GbdkPo= Authentication-Results: sas8-725cda28fc94.qloud-c.yandex.net; dkim=pass header.i=@yandex.ru Received: by sas2-1cbd504aaa99.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id DmtJsNBxqg-51KGpjjs; Thu, 31 Mar 2022 23:05:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Thu, 31 Mar 2022 20:04:35 -0000 Date: Thu, 31 Mar 2022 23:04:35 +0300 From: Andrey Repin X-Mailer: The Bat! (v9.3.4) Professional Reply-To: cygwin@cygwin.com Message-ID: <222393658.20220331230435@yandex.ru> To: Chris Roehrig , cygwin@cygwin.com Subject: Re: SSH connection from Linux to Windows by CYGSSHD: port 22 In-Reply-To: References: <114169113.20220331161839@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_NUMSUBJECT, KAM_THEBAT, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE, XM_LIGHT_HEAVY autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Mar 2022 20:05:07 -0000 Greetings, Chris Roehrig! > I recently had to add the following lines to my Cygwin /etc/sshd_config to > re-enable RSA in order for my older machines to connect: > HostKeyAlgorithms +ssh-rsa > PubkeyAcceptedAlgorithms +ssh-rsa I'm not using RSA for, like, 5 years now. Too long to manage. > -- Chris > On 2022-03-31 06:18, Andrey Repin wrote: >> Greetings, Greco Giovanni! >> >>> must port 22 on Windows server be enabled in a bidirectional way to >>> establish a connection with RSA key exchange? >>> I have a Linux server on a vlan and a Windows server on another vlan, those >>> vlans are connected thru a firewall, where port 22 is enabled from Linux >>> server to Windows server unidirectionally. >>> Connection with user and password works, but not with RSA key exchange: is >>> the problem located on port 22 unidirectional enabling? >> No, it is most likely because you are connecting to Microsoft provided >> OpenSSH. >> `netstat -aon` and `ps ax` will tell you more. >> >> -- With best regards, Andrey Repin Thursday, March 31, 2022 23:03:27 Sorry for my terrible english...