Re: [Freedos-user] SSH2DOS - no connection with recent servers

Ulrich Hansen Mon, 23 Jan 2017 01:23:27 -0800

Update:

The solution I found last night seems to work only for older OpenSSH servers.


For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:

HostKeyAlgorithms ssh-dss

to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by 
default since OpenSSH 6.9.

But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.

Perhaps someone has an idea?

At the moment SSH2DOS can only be used to connect to older servers, running 
f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7). 

So soon there will be no functioning SSH client anymore for FreeDOS. :-(

Here are the messages:

SSH2DOS error message is:

C:\> ssh2d386 username 192.168.1.131
SSH2DOS v0.2.1. 386+ version
Expected KEX_DH_GEX_GROUP
DH key exchange failed
Remote host closed connection
Socket write error. File: transprt.c, line:698
Connection closed by peer

On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log says:

Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type 
30 seq 1 [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from 
192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from 192.168.1.110 
port 564 [preauth]


C:\> ssh2d386 -d username 192.168.1.131

wrote the following output in C:\SSH2DOS\DEBUG.PKT:

-------------------

RECEIVED packet:
14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB 
B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C 
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64 
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00 
00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70 
65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 
32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 
6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 
2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 
2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65 
74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 
6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65 
6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34 
40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 
63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F 
6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 
68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 
61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D 
36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 
6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40 
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 
2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70 
65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 
68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E 
73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 
31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 
6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73 
68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F 
70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 
73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 
61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 
00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70 
65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E 
65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 
6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 
..m.H...*....1..
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..umac-64-etm@op
enssh.com,umac-1
28-etm@openssh.c
om,hmac-sha2-256
-e...@openssh.com
,hmac-sha2-512-e
t...@openssh.com,h
mac-sha1-etm@ope
nssh.com,umac-64
@openssh.com,uma
c-...@openssh.co
m,hmac-sha2-256,
hmac-sha2-512,hm
ac-sha1....umac-
64-etm@openssh.c
om,umac-128-etm@
openssh.com,hmac
-sha2-256-etm@op
enssh.com,hmac-s
ha2-512-etm@open
ssh.com,hmac-sha
1-...@openssh.co
m,umac-64@openss
h.com,umac-128@o
penssh.com,hmac-
sha2-256,hmac-sh
a2-512,hmac-sha1
....none,zlib@op
enssh.com....non
e,zlib@openssh.c
om.............

SENT packet:
14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D 
CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C 
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64 
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00 
00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68 
6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65 
2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C 
69 62 00 00 00 00 00 00 00 00 00 00 00 00 00 
.%.......^;|....
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..hmac-sha1....h
mac-sha1....none
,zlib....none,zl
ib.............

SENT packet:
1E 00 00 04 00 
.....

RECEIVED packet:
03 00 00 00 01 
.....

SENT packet:
03 00 00 00 02 
.....

SENT packet:
01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65 
64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F 
55 50 00 00 00 00 
.........Expecte
d KEX_DH_GEX_GRO
UP....

SENT packet:
62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71 
01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00 
00 18 00 00 00 00 00 00 00 00 00 00 00 00 
b........pty-req
.....xterm...P..
..............

SENT packet:
62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01 
b........shell.






> Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <my.gr...@mailbox.org>:
> 
> Hi all,
> 
> Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is 
> great!
> 
> Unfortunately even this free SSH client is getting a bit rusty, the latest 
> version is 11 years old.
> 
> As I found out, it wouldn’t connect to my server (Ubuntu 16.04 LTS). 
> But it still connected fine to a Debian Wheezy machine.
> 
> In the end I found the problem: OpenSSH versions >=6.7 have disabled a 
> necessary KexAlgorithm and a Cipher.
> 
> Here is a report. I also posted it on the SSH2DOS page on SourceForge.
> 
> Hope this helps others eventually...
> Ulrich
> 
> 
> 
> 1. The solution:
> 
> Add the following lines to /etc/ssh/sshd_config on the server:
> 
> Ciphers aes128-cbc
> KexAlgorithms diffie-hellman-group-exchange-sha1
> 
> 
> 2. The problem:
> 
> SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
> 
> But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
> 
> SSH2DOS gives the following error code:
> 
> C:\> ssh2d386 username 192.168.1.136
> SSH2DOS v0.2.1. 386+ version
> Remote host closed connection
> DH key exchange failed
> Socket write error. File: transprt.c, line:698
> Remote reset connection
> 
> On the server /var/log/auth.log says:
> Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key 
> exchange method [preauth]
> 
> SSH2D386 with the -d option writes the following DEBUG.PKT:
> 
> 
> -------------------
> 
> RECEIVED packet:
> 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26 
> E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D 
> 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72 
> 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 
> 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E 
> 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61 
> 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69 
> 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 
> 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C 
> 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 
> 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73 
> 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D 
> 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36 
> 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74 
> 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39 
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C 
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F 
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73 
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63 
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70 
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36 
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C 
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F 
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73 
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63 
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70 
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36 
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 
> 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 
> 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 
> 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 
> 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 
> 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 
> 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 
> 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 
> 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 
> 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 
> 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 
> 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 
> 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 
> 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 
> 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 
> 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 
> 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 
> 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 
> 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 
> 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 
> 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 
> 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 
> 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 
> 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 
> .c.{i......i.2.&
> .....curve25519-
> sha...@libssh.or
> g,ecdh-sha2-nist
> p256,ecdh-sha2-n
> istp384,ecdh-sha
> 2-nistp521,diffi
> e-hellman-group-
> exchange-sha256,
> diffie-hellman-g
> roup14-sha1...As
> sh-rsa,rsa-sha2-
> 512,rsa-sha2-256
> ,ecdsa-sha2-nist
> p256,ssh-ed25519
> ...lchacha20-pol
> y1...@openssh.co
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -g...@openssh.com
> ...lchacha20-pol
> y1...@openssh.co
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -g...@openssh.com
> ....umac-64-etm@
> openssh.com,umac
> -128-etm@openssh
> .com,hmac-sha2-2
> 56-etm@openssh.c
> om,hmac-sha2-512
> -e...@openssh.com
> ,hmac-sha1-etm@o
> penssh.com,umac-
> 6...@openssh.com,u
> mac-128@openssh.
> com,hmac-sha2-25
> 6,hmac-sha2-512,
> hmac-sha1....uma
> c-64-etm@openssh
> .com,umac-128-et
> m...@openssh.com,hm
> ac-sha2-256-etm@
> openssh.com,hmac
> -sha2-512-etm@op
> enssh.com,hmac-s
> ha1-etm@openssh.
> com,umac-64@open
> ssh.com,umac-128
> @openssh.com,hma
> c-sha2-256,hmac-
> sha2-512,hmac-sh
> a1....none,zlib@
> openssh.com....n
> one,zlib@openssh
> .com............
> .
> 
> SENT packet:
> 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE 
> FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C 
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64 
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00 
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68 
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65 
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C 
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00 
> ..s....H..at.A..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
> 
> SENT packet:
> 1E 00 00 04 00 
> .....
> 
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71 
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00 
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00 
> b........pty-req
> .....xterm...P..
> ..............
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user

Re: [Freedos-user] SSH2DOS - no connection with recent servers

Reply via email to