From: Brian Inglis
Organization: Systematic Software
Reply-To: cygwin@cygwin.com
To: cygwin@cygwin.com
Subject: Re: OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
Date: Tue, 15 Sep 2020 13:36:35 -0600

On 2020-09-15 11:00, Everett, Tom (Nokia - US/Westford) via Cygwin wrote:
> I have tried to add kex to config files but I am still unable to get this to work. It was working at one point but I did not back it up or write instructions because I thought I would never have to touch it again, until I did 😊
>
> Need help establishing the recipe again. Any help would be appreciated.
>
>
> $ cygcheck -c Cygwin
> Cygwin Package Information
> Package Version Status
> cygwin 3.1.7-1 OK
>
>
> SSH Results:
>
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> …
> …
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
>
> $ ssh -Q kex
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group14-sha256
> diffie-hellman-group16-sha512
> diffie-hellman-group18-sha512
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
> curve25519-sha256
> curve25519-sha256@libssh.org
> sntrup4591761x25519-sha512@tinyssh.org
>
> $ ssh admin@10.0.3.6
> Connection reset by 10.0.3.6 port 22
>
> Complete listing:
> $ ssh -vv -oHostKeyAlgorithms=+ssh-dss -oStrictHostKeyChecking=no admin@10.0.3.6
> OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
> debug2: resolve_canonicalize: hostname 10.0.3.6 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 10.0.3.6 [10.0.3.6] port 22.
> debug1: Connection established.
> debug1: identity file /home/tester/.ssh/id_rsa type -1
> debug1: identity file /home/tester/.ssh/id_rsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_dsa type -1
> debug1: identity file /home/tester/.ssh/id_dsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519 type -1
> debug1: identity file /home/tester/.ssh/id_ed25519-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_xmss type -1
> debug1: identity file /home/tester/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.0.3.6:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
> debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
> debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com,zlib
> debug2: compression stoc: none,zlib@openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms: diffie-hellman-group14-sha1
> debug2: host key algorithms: ssh-rsa
> debug2: ciphers ctos: aes256-ctr
> debug2: ciphers stoc: aes256-ctr
> debug2: MACs ctos: hmac-sha1
> debug2: MACs stoc: hmac-sha1
> debug2: compression ctos: none
> debug2: compression stoc: none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1

Do these help?

https://www.openssh.com/legacy.html
https://www.ssh.com/ssh/sshd_config/
https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

Curl cygport check uses kex a lot in its tests so that might give you some help.
You could check it out online under https://github.com/curl/curl/tree/master/tests,
download the package sources, or I could PM you selected generated or log files,
if you know what you want to see.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
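
An added example, not part of the original message or of OpenSSH: a small Python parser for the `debug2:` KEXINIT proposals in `ssh -vv` output that reports which `ssh_config` option has to be extended for negotiation to succeed. The sample log is constructed (abridged from the listing quoted above), and the function names `parse_proposals` and `missing_options` are hypothetical.

```python
import re

# Constructed sample: the relevant debug2 lines, abridged from the -vv listing above.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-ctr
debug2: MACs ctos: hmac-sha1
"""

# debug2 field label -> ssh_config option that extends the client's list
OPTIONS = {
    "KEX algorithms": "KexAlgorithms",
    "host key algorithms": "HostKeyAlgorithms",
    "ciphers ctos": "Ciphers",
    "MACs ctos": "MACs",
}
PSEUDO = {"ext-info-c", "ext-info-s"}  # extension markers, not key exchange methods

def parse_proposals(log):
    """Return {'client': {label: [algs]}, 'server': {label: [algs]}}."""
    side, out = None, {"client": {}, "server": {}}
    for line in log.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted logs
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        m = re.match(r"debug2: ([^:]+): (\S*)$", line)
        if side and m and m.group(1) in OPTIONS:
            algs = [a for a in m.group(2).split(",") if a and a not in PSEUDO]
            out[side][m.group(1)] = algs
    return out

def missing_options(log):
    """ssh_config lines for each category where client and server share nothing."""
    p = parse_proposals(log)
    lines = []
    for label, opt in OPTIONS.items():
        client, server = p["client"].get(label, []), p["server"].get(label, [])
        if server and not set(client) & set(server):
            lines.append(f"{opt} +{','.join(server)}")
    return lines

if __name__ == "__main__":
    print("\n".join(missing_options(SAMPLE)))
```

On this input only the key exchange list has no overlap; the host key (`ssh-rsa`), cipher and MAC proposals already intersect. The reported line is best placed in a `Host 10.0.3.6` block of `~/.ssh/config` rather than set globally, so the SHA-1 key exchange is accepted for that one device only.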