From: Dan Schmidt <helpdesk...@gmail.com> --===============3214343721392351354== Content-Type: multipart/alternative; boundary=94eb2c1a162021ee2705470ce377
--94eb2c1a162021ee2705470ce377 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I forgot - you may need to regenerate your keys with "ssh-keygen -A" after modifying the server. On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <helpdesk...@gmail.com> wrote: > I am unsure what it is that makes ssh2dos so unstable for me - nobody else > has this issue? > > I would like to answer Ulrich on how he can modify his Ubuntu server, but > first, a warning: These algorithms were disabled because they are obsolete > and insecure. Using a token based login, such as google-authenticator, may > be advisable if your server is public facing. > > Firstly, add this to your server's /etc/ssh/sshd_config: > > KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org, > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, > diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 > Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr > HostKeyAlgorithms +ssh-dss > > Then, make use of the -g option - it goes BEFORE your username in > ssh2dos. You should now be able to connect. > > I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, > it seems it should. Also, I was in a rush - I may be excluding some newer > options - report back if you find/add them with success. > > -Dan > > On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net> > wrote: > >> Hi Bill, >> While I appreciate your desire for wisdom, I feel rather sure my >> specific situation will not apply to anyone else here most likely. >> I use ssh2d386 to access at least one commercial shell, but those shell >> services are maintained by others. I am not for example accessing my own >> server. >> If the servers you desire reaching are run by other people, give me an >> example and I will try. >> If my many years of computing has taught me anything is that the word >> Personal is important for a reason. >> Kare >> >> >> >> On Thu, 26 Jan 2017, William Dudley wrote: >> >> Karen, >>> >>> If you know how to get ssh2d386 to connect to a modern openssh, as on >>> Ubuntu 16.04, >>> please share the recipe with us! >>> >>> Thanks, >>> Bill Dudley >>> >>> >>> This email is free of malware because I run Linux. >>> >>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen < >>> klewel...@shellworld.net> >>> wrote: >>> >>> Well, if you have given up no point in my sharing. >>>> We use the same edition of Ubuntu, both with dreamhost who has my >>>> office, >>>> and here at shellworld. >>>> While the latter requires me to make use of a few ssh2021b options, the >>>> -g >>>> option for example, I encounter no issues. >>>> I am going to guess that things like machine speed, mine is a p3 with >>>> allot of memory, impacts your situation. >>>> nor, I would hope, your location in the world. >>>> Sorry I did not notice your post before you abandoned the effort. >>>> Kare >>>> >>>> >>>> >>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote: >>>> >>>> >>>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <klewel...@shellworld.net >>>>> >: >>>>> >>>>>> >>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos >>>>>> package ssh2021b, perhaps I can help you troubleshoot. >>>>>> >>>>>> >>>>> Hi Karen! >>>>> >>>>> I am using the exact same program and version. >>>>> >>>>> for the record, I am not using freedos, but the ms dos 7.10 package >>>>> >>>>>> mentioned on this list. >>>>>> Still every day several times a day I connect to two different >>>>>> servers >>>>>> using this package. >>>>>> >>>>>> >>>>> I guess your servers still run OpenSSH in versions earlier than 6.9. >>>>> >>>>> may I ask again what your issue is presently? >>>>> >>>>>> >>>>>> >>>>> Actually I have given up on it. I spent another day trying to get it to >>>>> work, but without success. >>>>> >>>>> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with >>>>> OpenSSH 7.2. >>>>> >>>>> SSH2D386 gives the message: >>>>> >>>>> Expected KEX_DH_GEX_GROUP >>>>> DH key exchange failed >>>>> >>>>> The server logs: >>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol >>>>> error: type 30 seq 1 [preauth] >>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received >>>>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO >>>>> >>>>> As I wrote I already had problems connecting to a Debian 8 server with >>>>> OpenSSH 6.7. >>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on >>>>> the >>>>> server. >>>>> >>>>> Ciphers aes128-cbc >>>>> KexAlgorithms diffie-hellman-group-exchange-sha1 >>>>> MACs hmac-sha1 >>>>> HostKeyAlgorithms ssh-css >>>>> >>>>> But in OpenSSH 7.2 this didnrCOt work. >>>>> >>>>> What else did I try? >>>>> >>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG. >>>>> >>>>> I tried to recompile OpenSSH. >>>>> The first time with adding this line in in compat.c: >>>>> { "SSHDOS*", SSH_OLD_DHGEX }, >>>>> The second time with this one: >>>>> { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX }, >>>>> >>>>> Both were not able to let SSH2D386 connect. It worked great with other >>>>> SSH clients. >>>>> >>>>> The idea was that SSH2DOS uses code from PuTTY and there were already >>>>> several exceptions in combat.c for old PuTTY versions. The reason >>>>> seems to >>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS >>>>> did >>>>> not. See [1], [2]. >>>>> >>>>> I even looked at the SSH2DOS source code. But I have no experience with >>>>> OpenWatcom. I installed it but gave up, when I saw I also had to >>>>> compile >>>>> the WATT32 TCP/IP stack. >>>>> >>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it >>>>> should be possible to replace the old PuTTY code with a more recent >>>>> one. >>>>> >>>>> cheers >>>>> Ulrich >>>>> >>>>> >>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958 >>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ >>>>> rfc4419.html >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------ >>>>> ------------------ >>>>> Check out the vibrant tech community on one of the world's most >>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >>>>> _______________________________________________ >>>>> Freedos-user mailing list >>>>> Freedos-user@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user >>>>> >>>>> >>>> ------------------------------------------------------------ >>>> ------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> Freedos-user mailing list >>>> Freedos-user@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/freedos-user >>>> >>>> >>>> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Freedos-user mailing list >> Freedos-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/freedos-user >> >> > --94eb2c1a162021ee2705470ce377 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir="ltr">I forgot - you may need to regenerate your keys with "ssh-keygen -A" after modifying the server.-a</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <span dir="ltr"><<a href="mailto:helpdesk...@gmail.com" target="_blank">helpdesk...@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue?-a<div><br>I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure.-a Using a token based login, such as google-authenticator, may be advisable if your server is public facing. -a</div><div><br></div><div>Firstly, add this to your server's-a<span style="color:rgb(0,0,0)">/etc/ssh/sshd_config:</span><br><br>KexAlgorithms diffie-hellman-group1-sha1,<a href="mailto:curve25519-sha...@libssh.org" target="_blank">cur<wbr>ve25519-sha...@libssh.org</a>,<wbr>ecdh-sha2-nistp256,ecdh-sha2-<wbr>nistp384,ecdh-sha2-nistp521,<wbr>diffie-hellman-group-exchange-<wbr>sha256,diffie-hellman-group14-<wbr>sha1<br>Ciphers 3des-cbc,blowfish-cbc,aes128-<wbr>cbc,aes128-ctr,aes256-ctr<br>HostKeyAlgorithms +ssh-dss<br><br>Then, make use of the -g option - it goes BEFORE your username in ssh2dos.-a You should now be able to connect. -a</div><div><br>I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should.-a Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success.-a</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-Dan</div></font></span></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu , Jan 26, 2017 at 9:42 PM, Karen Lewellen <span dir="ltr"><<a href="mailto:klewel...@shellworld.net" target="_blank">klewel...@shellworld.net</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">Hi Bill,<br> While I appreciate your desire for wisdom, I feel rather sure-a my specific situation will not apply to anyone else here most likely.<br> I use ssh2d386 to-a access at least one commercial shell, but those shell services are maintained by others.-a I am not for example accessing my own server.<br> If the servers you desire reaching are run by other people,-a give me an example and I will try.<br> If my many years of computing has taught me anything is that the word Personal-a is important for a reason.<br> Kare<div class="m_-2658655359570531662HOEnZb"><div class="m_-2658655359570531662h5"><br> <br> <br> On Thu, 26 Jan 2017, William Dudley wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Karen,<br> <br> If you know how to get ssh2d386 to connect to a modern openssh, as on<br> Ubuntu 16.04,<br> please share the recipe with us!<br> <br> Thanks,<br> Bill Dudley<br> <br> <br> This email is free of malware because I run Linux.<br> <br> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <<a href="mailto:klewel...@shellworld.net" target="_blank">klewel...@shellworld.net</a>><br> wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Well, if you have given up no point in my sharing.<br> We use the same edition of Ubuntu, both with dreamhost who has my office,<br> and here at shellworld.<br> While the latter requires me to make use of a few ssh2021b options, the -g<br> option-a for example, I encounter no issues.<br> I am going to guess that-a things like machine speed, mine is a p3 with<br> allot of memory, impacts your situation.<br> nor, I would hope, your-a location in the world.<br> Sorry I did not notice your post before you abandoned-a the effort.<br> Kare<br> <br> <br> <br> On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br> <br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <<a href="mailto:klewel...@shellworld.net" target="_blank">klewel...@shellworld.net</a>>:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br> package ssh2021b,-a perhaps I can help you troubleshoot.<br> <br> </blockquote> <br> Hi Karen!<br> <br> I am using the exact same program and version.<br> <br> for the record, I am not using freedos, but-a the ms dos 7.10 package<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> mentioned on this list.<br> Still every day several times a day I connect-a to two different servers<br> using-a this package.<br> <br> </blockquote> <br> I guess your servers still run OpenSSH in versions earlier than 6.9.<br> <br> may I ask again what your issue is presently?<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> </blockquote> <br> Actually I have given up on it. I spent another day trying to get it to<br> work, but without success.<br> <br> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with<br> OpenSSH 7.2.<br> <br> SSH2D386 gives the message:<br> <br> -a -a Expected KEX_DH_GEX_GROUP<br> -a -a DH key exchange failed<br> <br> The server logs:<br> -a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol<br> error: type 30 seq 1 [preauth]<br> -a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received<br> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO<br> <br> As I wrote I already had problems connecting to a Debian 8 server with<br> OpenSSH 6.7.<br> But there I could fix it with these lines in /etc/ssh/sshd_config on the<br> server.<br> <br> -a -a Ciphers aes128-cbc<br> -a -a KexAlgorithms diffie-hellman-group-exchange-<wbr>sha1<br> -a -a MACs hmac-sha1<br> -a -a HostKeyAlgorithms ssh-css<br> <br> But in OpenSSH 7.2 this didnrCOt work.<br> <br> What else did I try?<br> <br> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.<br> <br> I tried to recompile OpenSSH.<br> The first time with adding this line in in compat.c:<br> -a -a { "SSHDOS*",-a -a -a -a -a -a -a -a SSH_OLD_DHGEX },<br> The second time with this one:<br> -a -a { "SSHDOS*",-a -a -a -a -a -a -a -a SSH_BUG_NOREKEY|SSH_BUG_FIRSTK<wbr>EX },<br> <br> Both were not able to let SSH2D386 connect. It worked great with other<br> SSH clients.<br> <br> The idea was that SSH2DOS uses code from PuTTY and there were already<br> several exceptions in combat.c for old PuTTY versions. The reason seems to<br> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did<br> not. See [1], [2].<br> <br> I even looked at the SSH2DOS source code. But I have no experience with<br> OpenWatcom. I installed it but gave up, when I saw I also had to compile<br> the WATT32 TCP/IP stack.<br> <br> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it<br> should be possible to replace the old PuTTY code with a more recent one.<br> <br> cheers<br> Ulrich<br> <br> <br> [1] <a href="https://forums.red-gate.com/viewtopic.php?f=198&t=78958" rel="noreferrer" target="_blank">https://forums.red-gate.com/vi<wbr>ewtopic.php?f=198&t=78958</a><br> [2] <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/" rel="noreferrer" target="_blank">http://www.chiark.greenend.org<wbr>.uk/~sgtatham/putty/wishlist/</a><br> rfc4419.html<br> <br> <br> <br> ------------------------------<wbr>------------------------------<br> ------------------<br> Check out the vibrant tech community on one of the world's most<br> --- Internet Rex 2.29 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901) --- Synchronet 3.15a-Linux ListGate 1.3 * Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user