public inbox for cygwin@cygwin.com
* OpenSSH_8.3p1, OpenSSL 1.1.1f  31 Mar 2020
From: Everett, Tom (Nokia - US/Westford) @ 2020-09-15 17:00 UTC
  To: cygwin

I have tried to add kex to config files but I am still unable to get this to work. It was working at one point but I did not back it up or write instructions because I thought I would never have to touch it again, until I did 😊

Need help establishing the recipe again. Any help would be appreciated.


$ cygcheck -c Cygwin
Cygwin Package Information
Package              Version        Status
cygwin               3.1.7-1        OK


SSH Results:

debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version LiteSSH
debug1: no match: LiteSSH
…
…
debug1: kex: algorithm: (no match)
Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1




$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org

$ ssh admin@10.0.3.6
Connection reset by 10.0.3.6 port 22

Complete listing:
$ ssh -vv -oHostKeyAlgorithms=+ssh-dss -oStrictHostKeyChecking=no admin@10.0.3.6
OpenSSH_8.3p1, OpenSSL 1.1.1f  31 Mar 2020
debug2: resolve_canonicalize: hostname 10.0.3.6 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.0.3.6 [10.0.3.6] port 22.
debug1: Connection established.
debug1: identity file /home/tester/.ssh/id_rsa type -1
debug1: identity file /home/tester/.ssh/id_rsa-cert type -1
debug1: identity file /home/tester/.ssh/id_dsa type -1
debug1: identity file /home/tester/.ssh/id_dsa-cert type -1
debug1: identity file /home/tester/.ssh/id_ecdsa type -1
debug1: identity file /home/tester/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tester/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/tester/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/tester/.ssh/id_ed25519 type -1
debug1: identity file /home/tester/.ssh/id_ed25519-cert type -1
debug1: identity file /home/tester/.ssh/id_ed25519_sk type -1
debug1: identity file /home/tester/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/tester/.ssh/id_xmss type -1
debug1: identity file /home/tester/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version LiteSSH
debug1: no match: LiteSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.3.6:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-ctr
debug2: ciphers stoc: aes256-ctr
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1

Thanks,

Thomas Everett
Nokia USA
1 Robbins Rd.
Westford, MA. 01886
1-978-320-3746
tom.everett@nokia.com




* Re: OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
From: Brian Inglis @ 2020-09-15 19:36 UTC
  To: cygwin

On 2020-09-15 11:00, Everett, Tom (Nokia - US/Westford) via Cygwin wrote:
> I have tried to add kex to config files but I am still unable to get this to work. It was working at one point but I did not back it up or write instructions because I thought I would never have to touch it again, until I did 😊
> 
> Need help establishing the recipe again. Any help would be appreciated.
> 
> 
> $ cygcheck -c Cygwin
> Cygwin Package Information
> Package              Version        Status
> cygwin               3.1.7-1        OK
> 
> 
> SSH Results:
> 
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> …
> …
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
> 
> $ ssh -Q kex
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group14-sha256
> diffie-hellman-group16-sha512
> diffie-hellman-group18-sha512
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
> curve25519-sha256
> curve25519-sha256@libssh.org
> sntrup4591761x25519-sha512@tinyssh.org
> 
> $ ssh admin@10.0.3.6
> Connection reset by 10.0.3.6 port 22
> 
> Complete listing:
> $ ssh -vv -oHostKeyAlgorithms=+ssh-dss -oStrictHostKeyChecking=no admin@10.0.3.6
> OpenSSH_8.3p1, OpenSSL 1.1.1f  31 Mar 2020
> debug2: resolve_canonicalize: hostname 10.0.3.6 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 10.0.3.6 [10.0.3.6] port 22.
> debug1: Connection established.
> debug1: identity file /home/tester/.ssh/id_rsa type -1
> debug1: identity file /home/tester/.ssh/id_rsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_dsa type -1
> debug1: identity file /home/tester/.ssh/id_dsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519 type -1
> debug1: identity file /home/tester/.ssh/id_ed25519-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_xmss type -1
> debug1: identity file /home/tester/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.0.3.6:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
> debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
> debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com,zlib
> debug2: compression stoc: none,zlib@openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms: diffie-hellman-group14-sha1
> debug2: host key algorithms: ssh-rsa
> debug2: ciphers ctos: aes256-ctr
> debug2: ciphers stoc: aes256-ctr
> debug2: MACs ctos: hmac-sha1
> debug2: MACs stoc: hmac-sha1
> debug2: compression ctos: none
> debug2: compression stoc: none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1

Do these help?

	https://www.openssh.com/legacy.html

	https://www.ssh.com/ssh/sshd_config/

https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

Curl cygport check uses kex a lot in its tests so that might give you some help.
You could check it out online under

	https://github.com/curl/curl/tree/master/tests

download the package sources, or I could PM you selected generated or log files,
if you know what you want to see.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
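
Added example, not part of either message: a Python sketch that parses the two KEXINIT proposals from `ssh -vv` output, finds which category has no common algorithm, and renders a per-host `ssh_config` stanza using the `+` append syntax described on the legacy.html page linked above. The function names (`parse_proposals`, `diagnose`, `host_block`) are hypothetical, and the sample input is constructed from the listing in the thread with the client lists abridged.

```python
import re
# `ssh -vv` label -> ssh_config option controlling the client's list (ctos direction only)
OPTION = {"KEX algorithms": "KexAlgorithms", "host key algorithms": "HostKeyAlgorithms",
          "ciphers ctos": "Ciphers", "MACs ctos": "MACs"}
# Constructed sample: both KEXINIT proposals from the listing above, client lists abridged.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-ctr
debug2: MACs ctos: hmac-sha1
"""
# Abridged `ssh -Q kex` output from the post: names this client binary is able to enable.
SUPPORTED_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                 "diffie-hellman-group14-sha256", "curve25519-sha256"}

def parse_proposals(log):
    """Split `ssh -vv` output into {'client': {label: [names]}, 'server': {...}}."""
    side, out = None, {"client": {}, "server": {}}
    for line in log.splitlines():
        line = re.sub(r"^[>\s]+", "", line)           # tolerate mail quoting
        m = re.match(r"debug2: (local client|peer server) KEXINIT proposal", line)
        if m:
            side = "client" if m.group(1) == "local client" else "server"
        m = re.match(r"debug2: ([A-Za-z ]+): (\S*)$", line)
        if m and side and m.group(1) in OPTION:
            out[side][m.group(1)] = [a for a in m.group(2).split(",") if a]
    return out

def diagnose(log, supported_kex=SUPPORTED_KEX):
    """Per option: negotiated name or None, and the '+' additions ([] = client cannot match)."""
    p, chosen, fixes = parse_proposals(log), {}, {}
    for label, option in OPTION.items():
        client, server = p["client"].get(label, []), p["server"].get(label, [])
        # RFC 4253 section 7.1: the first name on the client's list that the server also lists
        chosen[option] = next((a for a in client if a in server), None)
        if chosen[option] is None and server:
            fixes[option] = [a for a in server if option != "KexAlgorithms" or a in supported_kex]
    return chosen, fixes

def host_block(host, fixes):
    """Render a per-host ssh_config stanza; '+' appends to the defaults instead of replacing."""
    opts = [f"    {opt} +{','.join(a)}" for opt, a in fixes.items() if a]
    return "\n".join([f"Host {host}"] + opts)
```

On the sample, only `KexAlgorithms` fails to negotiate, and `host_block("10.0.3.6", fixes)` yields a two-line stanza for `~/.ssh/config`. Keeping the addition under a `Host` entry leaves the SHA-1 key exchange disabled for every other destination.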
