From: Dan Schmidt <helpdesk...@gmail.com>
--===============3214343721392351354==
Content-Type: multipart/alternative; boundary=94eb2c1a162021ee2705470ce377
--94eb2c1a162021ee2705470ce377
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I forgot - you may need to regenerate your keys with "ssh-keygen -A" after
modifying the server.
On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <helpdesk...@gmail.com> wrote:
> I am unsure what it is that makes ssh2dos so unstable for me - nobody else
> has this issue?
>
> I would like to answer Ulrich on how he can modify his Ubuntu server, but
> first, a warning: These algorithms were disabled because they are obsolete
> and insecure. Using a token based login, such as google-authenticator, may
> be advisable if your server is public facing.
>
> Firstly, add this to your server's /etc/ssh/sshd_config:
>
> KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org,
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
> diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
> HostKeyAlgorithms +ssh-dss
>
> Then, make use of the -g option - it goes BEFORE your username in
> ssh2dos. You should now be able to connect.
>
> I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work,
> it seems it should. Also, I was in a rush - I may be excluding some newer
> options - report back if you find/add them with success.
>
> -Dan
>
> On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net>
> wrote:
>
>> Hi Bill,
>> While I appreciate your desire for wisdom, I feel rather sure my
>> specific situation will not apply to anyone else here most likely.
>> I use ssh2d386 to access at least one commercial shell, but those shell
>> services are maintained by others. I am not for example accessing my own
>> server.
>> If the servers you desire reaching are run by other people, give me an
>> example and I will try.
>> If my many years of computing has taught me anything is that the word
>> Personal is important for a reason.
>> Kare
>>
>>
>>
>> On Thu, 26 Jan 2017, William Dudley wrote:
>>
>> Karen,
>>>
>>> If you know how to get ssh2d386 to connect to a modern openssh, as on
>>> Ubuntu 16.04,
>>> please share the recipe with us!
>>>
>>> Thanks,
>>> Bill Dudley
>>>
>>>
>>> This email is free of malware because I run Linux.
>>>
>>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <
>>> klewel...@shellworld.net>
>>> wrote:
>>>
>>> Well, if you have given up no point in my sharing.
>>>> We use the same edition of Ubuntu, both with dreamhost who has my
>>>> office,
>>>> and here at shellworld.
>>>> While the latter requires me to make use of a few ssh2021b options, the
>>>> -g
>>>> option for example, I encounter no issues.
>>>> I am going to guess that things like machine speed, mine is a p3 with
>>>> allot of memory, impacts your situation.
>>>> nor, I would hope, your location in the world.
>>>> Sorry I did not notice your post before you abandoned the effort.
>>>> Kare
>>>>
>>>>
>>>>
>>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>>>>
>>>>
>>>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <klewel...@shellworld.net
>>>>> >:
>>>>>
>>>>>>
>>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>>>>> package ssh2021b, perhaps I can help you troubleshoot.
>>>>>>
>>>>>>
>>>>> Hi Karen!
>>>>>
>>>>> I am using the exact same program and version.
>>>>>
>>>>> for the record, I am not using freedos, but the ms dos 7.10 package
>>>>>
>>>>>> mentioned on this list.
>>>>>> Still every day several times a day I connect to two different
>>>>>> servers
>>>>>> using this package.
>>>>>>
>>>>>>
>>>>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>>>>
>>>>> may I ask again what your issue is presently?
>>>>>
>>>>>>
>>>>>>
>>>>> Actually I have given up on it. I spent another day trying to get it to
>>>>> work, but without success.
>>>>>
>>>>> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
>>>>> OpenSSH 7.2.
>>>>>
>>>>> SSH2D386 gives the message:
>>>>>
>>>>> Expected KEX_DH_GEX_GROUP
>>>>> DH key exchange failed
>>>>>
>>>>> The server logs:
>>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
>>>>> error: type 30 seq 1 [preauth]
>>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
>>>>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>>>>
>>>>> As I wrote I already had problems connecting to a Debian 8 server with
>>>>> OpenSSH 6.7.
>>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on
>>>>> the
>>>>> server.
>>>>>
>>>>> Ciphers aes128-cbc
>>>>> KexAlgorithms diffie-hellman-group-exchange-sha1
>>>>> MACs hmac-sha1
>>>>> HostKeyAlgorithms ssh-css
>>>>>
>>>>> But in OpenSSH 7.2 this didnrCOt work.
>>>>>
>>>>> What else did I try?
>>>>>
>>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>>>>
>>>>> I tried to recompile OpenSSH.
>>>>> The first time with adding this line in in compat.c:
>>>>> { "SSHDOS*", SSH_OLD_DHGEX },
>>>>> The second time with this one:
>>>>> { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>>>>
>>>>> Both were not able to let SSH2D386 connect. It worked great with other
>>>>> SSH clients.
>>>>>
>>>>> The idea was that SSH2DOS uses code from PuTTY and there were already
>>>>> several exceptions in combat.c for old PuTTY versions. The reason
>>>>> seems to
>>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS
>>>>> did
>>>>> not. See [1], [2].
>>>>>
>>>>> I even looked at the SSH2DOS source code. But I have no experience with
>>>>> OpenWatcom. I installed it but gave up, when I saw I also had to
>>>>> compile
>>>>> the WATT32 TCP/IP stack.
>>>>>
>>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>>>>> should be possible to replace the old PuTTY code with a more recent
>>>>> one.
>>>>>
>>>>> cheers
>>>>> Ulrich
>>>>>
>>>>>
>>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>>> rfc4419.html
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>>> _______________________________________________
>>>>> Freedos-user mailing list
>>>>> Freedos-user@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>>
>>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Freedos-user mailing list
>>>> Freedos-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>
>>>>
>>>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Freedos-user mailing list
>> Freedos-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>
>>
>
--94eb2c1a162021ee2705470ce377
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir="ltr">I forgot - you may need to regenerate your keys with
"ssh-keygen -A" after modifying the server.-a</div><div
class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 26, 2017 at 10:38
PM, Dan Schmidt <span dir="ltr"><<a href="mailto:helpdesk...@gmail.com";
target="_blank">helpdesk...@gmail.com</a>></span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"><div dir="ltr">I am unsure what it is that makes
ssh2dos so unstable for me - nobody else has this issue?-a<div><br>I would like
to answer Ulrich on how he can modify his Ubuntu server, but first, a warning:
These algorithms were disabled because they are obsolete and insecure.-a Using
a token based login, such as google-authenticator, may be advisable if your
server is public facing. -a</div><div><br></div><div>Firstly, add this to your
server's-a<span
style="color:rgb(0,0,0)">/etc/ssh/sshd_config:</span><br><br>KexAlgorithms
diffie-hellman-group1-sha1,<a href="mailto:curve25519-sha...@libssh.org";
target="_blank">cur<wbr>ve25519-sha...@libssh.org</a>,<wbr>ecdh-sha2-nistp256,ecdh-sha2-<wbr>nistp384,ecdh-sha2-nistp521,<wbr>diffie-hellman-group-exchange-<wbr>sha256,diffie-hellman-group14-<wbr>sha1<br>Ciphers
3des-cbc,blowfish-cbc,aes128-<wbr>cbc,aes128-ctr,aes256-ctr<br>HostKeyAlgorithms
+ssh-dss<br><br>Then, make use of the -g option - it goes BEFORE your username
in ssh2dos.-a You should now be able to connect. -a</div><div><br>I do not know
why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it
should.-a Also, I was in a rush - I may be excluding some newer options -
report back if you find/add them with success.-a</div><span
class="HOEnZb"><font
color="#888888"><div><br></div><div>-Dan</div></font></span></div><div
class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu
, Jan 26, 2017 at 9:42 PM, Karen Lewellen <span dir="ltr"><<a
href="mailto:klewel...@shellworld.net";
target="_blank">klewel...@shellworld.net</a>></span>
wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">Hi
Bill,<br>
While I appreciate your desire for wisdom, I feel rather sure-a my specific
situation will not apply to anyone else here most likely.<br>
I use ssh2d386 to-a access at least one commercial shell, but those shell
services are maintained by others.-a I am not for example accessing my own
server.<br>
If the servers you desire reaching are run by other people,-a give me an
example and I will try.<br>
If my many years of computing has taught me anything is that the word
Personal-a is important for a reason.<br>
Kare<div class="m_-2658655359570531662HOEnZb"><div
class="m_-2658655359570531662h5"><br>
<br>
<br>
On Thu, 26 Jan 2017, William Dudley wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Karen,<br>
<br>
If you know how to get ssh2d386 to connect to a modern openssh, as on<br>
Ubuntu 16.04,<br>
please share the recipe with us!<br>
<br>
Thanks,<br>
Bill Dudley<br>
<br>
<br>
This email is free of malware because I run Linux.<br>
<br>
On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <<a
href="mailto:klewel...@shellworld.net";
target="_blank">klewel...@shellworld.net</a>><br>
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Well, if you have given up no point in my sharing.<br>
We use the same edition of Ubuntu, both with dreamhost who has my office,<br>
and here at shellworld.<br>
While the latter requires me to make use of a few ssh2021b options, the -g<br>
option-a for example, I encounter no issues.<br>
I am going to guess that-a things like machine speed, mine is a p3 with<br>
allot of memory, impacts your situation.<br>
nor, I would hope, your-a location in the world.<br>
Sorry I did not notice your post before you abandoned-a the effort.<br>
Kare<br>
<br>
<br>
<br>
On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Am 26.01.2017 um 18:19 schrieb Karen Lewellen <<a
href="mailto:klewel...@shellworld.net";
target="_blank">klewel...@shellworld.net</a>>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br>
package ssh2021b,-a perhaps I can help you troubleshoot.<br>
<br>
</blockquote>
<br>
Hi Karen!<br>
<br>
I am using the exact same program and version.<br>
<br>
for the record, I am not using freedos, but-a the ms dos 7.10 package<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
mentioned on this list.<br>
Still every day several times a day I connect-a to two different servers<br>
using-a this package.<br>
<br>
</blockquote>
<br>
I guess your servers still run OpenSSH in versions earlier than 6.9.<br>
<br>
may I ask again what your issue is presently?<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
</blockquote>
<br>
Actually I have given up on it. I spent another day trying to get it to<br>
work, but without success.<br>
<br>
The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with<br>
OpenSSH 7.2.<br>
<br>
SSH2D386 gives the message:<br>
<br>
-a -a Expected KEX_DH_GEX_GROUP<br>
-a -a DH key exchange failed<br>
<br>
The server logs:<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol<br>
error: type 30 seq 1 [preauth]<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received<br>
disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO<br>
<br>
As I wrote I already had problems connecting to a Debian 8 server with<br>
OpenSSH 6.7.<br>
But there I could fix it with these lines in /etc/ssh/sshd_config on the<br>
server.<br>
<br>
-a -a Ciphers aes128-cbc<br>
-a -a KexAlgorithms diffie-hellman-group-exchange-<wbr>sha1<br>
-a -a MACs hmac-sha1<br>
-a -a HostKeyAlgorithms ssh-css<br>
<br>
But in OpenSSH 7.2 this didnrCOt work.<br>
<br>
What else did I try?<br>
<br>
I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.<br>
<br>
I tried to recompile OpenSSH.<br>
The first time with adding this line in in compat.c:<br>
-a -a { "SSHDOS*",-a -a -a -a -a -a -a -a SSH_OLD_DHGEX },<br>
The second time with this one:<br>
-a -a { "SSHDOS*",-a -a -a -a -a -a -a -a
SSH_BUG_NOREKEY|SSH_BUG_FIRSTK<wbr>EX },<br>
<br>
Both were not able to let SSH2D386 connect. It worked great with other<br>
SSH clients.<br>
<br>
The idea was that SSH2DOS uses code from PuTTY and there were already<br>
several exceptions in combat.c for old PuTTY versions. The reason seems to<br>
be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did<br>
not. See [1], [2].<br>
<br>
I even looked at the SSH2DOS source code. But I have no experience with<br>
OpenWatcom. I installed it but gave up, when I saw I also had to compile<br>
the WATT32 TCP/IP stack.<br>
<br>
SSH2DOS uses PuTTY code, which is also Free Software. So in theory it<br>
should be possible to replace the old PuTTY code with a more recent one.<br>
<br>
cheers<br>
Ulrich<br>
<br>
<br>
[1] <a href="https://forums.red-gate.com/viewtopic.php?f=198&t=78958";
rel="noreferrer"
target="_blank">https://forums.red-gate.com/vi<wbr>ewtopic.php?f=198&t=78958</a><br>
[2] <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/";
rel="noreferrer"
target="_blank">http://www.chiark.greenend.org<wbr>.uk/~sgtatham/putty/wishlist/</a><br>
rfc4419.html<br>
<br>
<br>
<br>
------------------------------<wbr>------------------------------<br>
------------------<br>
Check out the vibrant tech community on one of the world's most<br>
--- Internet Rex 2.29
* Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
* Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
