From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.13]) by sourceware.org (Postfix) with ESMTPS id 9A876386F40D for ; Mon, 20 Apr 2020 10:11:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 9A876386F40D Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=towo.net Authentication-Results: sourceware.org; spf=none smtp.mailfrom=towo@towo.net Received: from [192.168.178.45] ([95.90.245.244]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPSA (Nemesis) id 1MZkxd-1jlWUR1Wzv-00WnU6 for ; Mon, 20 Apr 2020 12:11:44 +0200 Subject: Re: latest openssh can not connect to older server To: cygwin@cygwin.com References: From: Thomas Wolff X-Tagtoolbar-Keys: D20200420121140527 Message-ID: <81bb8ed0-e552-fa06-70c6-c587fa3e9b5c@towo.net> Date: Mon, 20 Apr 2020 12:11:40 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:52SFvc0amRUTJQNVrpU2c7kFkXSEAOiNbedaBzmxmWonGRW6TPN 7zcVS3X6DPvX9jWqDuBwncTyplUA4c+LVBe44Sy7xambf+V0Znr5wA0PCIkOKl17K0dPZ1o cK2yN5P7EutK99YykYJResTTGw/hWmPLCR9SyawBOIoGhMUUzS3dZJ1qI5+GAi4SwwXn3ex fgR8fEdssEhYVje752sWQ== X-UI-Out-Filterresults: notjunk:1;V03:K0:/UpCDj03QfQ=:zDmosZeXMBDIqSDvVv/Lwr dPgfw3cupHaNq64y0ZrjNSWR+3wP6FqijLxZGBuB/FW5OInGNlzlHYMjHxHq6QK0hm91wTuT3 7AwUruNbT9dvrDD1mk6HJsi7MNGsDV1of4UhlAojui4XKJs8OXn0FmF/fnh3FgJhC8aw1a6v3 XTw0GpaV1A4mtkrscKE1R4qmjSGG7EEy+NKMSyywUYe84qUDegRAVW7qGzgTEDcmDW/TZFaz8 0BdLj5yGMokVJ04+vZSPFdI4HFkXzWeggYrH71HYsQ3ROoI3nM4nqfLgaawat+jT0BIqn6Gxl SY+DO7DGaRSHHUJaNCu4GPp1YrTiA/CUSLkiF4FSFqcmIi+InZw/OynoHnl3VhE9PASBbgQqO Je2u+YUIhDcv15sdgW6VvT4P6tysWSYVDx+9w4EogmicQjHOFWkLawvCEzMY8+DVtVZ9veDqb L5VsdeOobB/pf0zPpc/vvswsqeav2wfvl3v7k0rCXINHsw03pVbaitaIsXW9HzXVD+oY2bQ2A TMwsuKyd/DEfbSrmpD2dlfvuJGAUe40YqqwAd20tHw/DtzHWign+bvpxmtx8Mp5szhHCZDHZO +NSJf5WaLSnI9Xn76LTjreDY6wF3tsI6wJxwpO4tVcDqlLntHwcBzyWaLVYC7zqWzQ0JgKwt0 EHBAGFZiSK/yDKSySg1hDwinL40SitAzjfttdv+//l1ilp4EzUK5icdzWR9EOAlYRWr/moZOe Cr78oFdl/bq1SqDGV2UlH+hmMeRjeS1OiGtQ0sQhTeKbxAs3nLzyFb7pZOKjcc/CLyR9ngmeJ vrdIOY4kjNhiTHxSDovH4DHXNHjirz+D5Ivh5DcJTseL9slT1E= X-Spam-Status: No, score=-11.3 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2020 10:11:47 -0000 Am 19.04.2020 um 14:31 schrieb Sharuzzaman Ahmat Raslan via Cygwin: > Hi. > > New OpenSSH client will not connect to server that use SHA1. > > Please refer to this: https://www.openssh.com/legacy.html > > You should configure your old server to use more modern cipher This isn't always a feasible approach. I access a WD MybookLive NAS storage via ssh. It still works with current openssh (8.2) but I wouldn't know how to find out the methods supported by my server and wouldn't like to risk the adventure to upgrade such a device. Therefore I'd suggest to configure in "legacy" methods in the cygwin openssh package as mentioned under the link above, to avoid such trouble. Thomas > Thank you > > On Sun, 19 Apr 2020, 8:13 pm David Balažic via Cygwin, > wrote: > >> Hi! >> >> I tried to backup some files from my server with scp and failed: >> >> $ scp -v root@the.server:/root/a.file . >> Executing: program /usr/bin/ssh host the.server, user root, command >> scp -v -f /root/a.file >> OpenSSH_8.2p1, OpenSSL 1.1.1f 31 Mar 2020 >> debug1: Connecting to the.server [192.168.1.11] port 22. >> debug1: Connection established. >> debug1: identity file /home/stein/.ssh/id_rsa type -1 >> debug1: identity file /home/stein/.ssh/id_rsa-cert type -1 >> debug1: identity file /home/stein/.ssh/id_dsa type -1 >> debug1: identity file /home/stein/.ssh/id_dsa-cert type -1 >> debug1: identity file /home/stein/.ssh/id_ecdsa type -1 >> debug1: identity file /home/stein/.ssh/id_ecdsa-cert type -1 >> debug1: identity file /home/stein/.ssh/id_ecdsa_sk type -1 >> debug1: identity file /home/stein/.ssh/id_ecdsa_sk-cert type -1 >> debug1: identity file /home/stein/.ssh/id_ed25519 type -1 >> debug1: identity file /home/stein/.ssh/id_ed25519-cert type -1 >> debug1: identity file /home/stein/.ssh/id_ed25519_sk type -1 >> debug1: identity file /home/stein/.ssh/id_ed25519_sk-cert type -1 >> debug1: identity file /home/stein/.ssh/id_xmss type -1 >> debug1: identity file /home/stein/.ssh/id_xmss-cert type -1 >> debug1: Local version string SSH-2.0-OpenSSH_8.2 >> debug1: Remote protocol version 2.0, remote software version >> dropbear_2011.54 >> debug1: no match: dropbear_2011.54 >> debug1: Authenticating to the.server:22 as 'root' >> debug1: SSH2_MSG_KEXINIT sent >> debug1: SSH2_MSG_KEXINIT received >> debug1: kex: algorithm: (no match) >> Unable to negotiate with 192.168.1.11 port 22: no matching key >> exchange method found. Their offer: >> diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 >> >> >> I tried OpenSSH_8.0p1-2 which is still available in the cygwin >> setup-x86_64.exe wizard and that version works fine. >> (the version above is 8.2.p1-1 in the setup wizard) >> >> Regards, >> David >> -- >> Problem reports: https://cygwin.com/problems.html >> FAQ: https://cygwin.com/faq/ >> Documentation: https://cygwin.com/docs.html >> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple >> > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple