190311 Neil Bothwick wrote:
> Do you have any other Host stanzas in the config?  

No :  /etc/ssh/ssh_config  has the following uncommented lines :

  # Send locale environment variables. #367017
  SendEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
  # Send COLORTERM to match TERM. #658540
  SendEnv COLORTERM
  # PP 190312
  Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1
  # Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

I tried adding the 'Ciphers' line, which is mentioned in the I/net page,
but Ssh chokes, so I commented it again :

  528: ~> ssh -v chass.utoronto.ca
  OpenSSH_7.9p1, OpenSSL 1.0.2r  26 Feb 2019
  debug1: Reading configuration data /home/purslow/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  /etc/ssh/ssh_config line 57: Bad SSH2 cipher spec '3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr'.
 
> Check both config files for conflicts

 ~/.ssh/config  has :

  Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1

The latest output ('538' above) shows that it reads  ~/.ssh/config ,
but apparently doesn't find what it wants there
& therefore goes on to  /etc/ssh/ssh_config , on which it chokes.
Without the 'Cipher' line in the latter, it carries on with the handshake,
but eventually can't do the key exchange.

I've just looked at the USE flags :

  root:528 ssh> eix net-misc/openssh
     Available versions:  7.5_p1-r4 7.7_p1-r9^t 7.9_p1-r4^t {X X509 audit bindist debug (+)hpn kerberos ldap ldns libedit libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test ABI_MIPS="n32" KERNEL="linux"}
     Installed versions:  7.9_p1-r4^t([2019-03-09 22:25:11])(X ssl -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp -selinux -static -test ABI_MIPS="-n32" KERNEL="linux")

NB Eix shows a Use flag 'ssh1', which Euses describes as :

  net-misc/openssh:ssh1 - Support the legacy/weak SSH1 protocol

That looks as if it should be enabled, but when I try to enable it,
it's available only for the oldest version :

  root:529 ssh> USE="ssh1" emerge -pv =openssh-7.5_p1-r4

  Calculating dependencies... done!
  [ebuild UD] net-misc/openssh-7.5_p1-r4::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldap% -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssh1%* ssl -static -test"

  root:530 ssh> USE="ssh1" emerge -pv =openssh-7.7_p1-r9

  Calculating dependencies... done!
  [ebuild UD] net-misc/openssh-7.7_p1-r9::gentoo [7.9_p1-r4::gentoo] USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) -skey% ssl -static -test"

  root:531 ssh> USE="ssh1" emerge -pv =openssh-7.9_p1-r4

  Calculating dependencies... done!
  [ebuild R] net-misc/openssh-7.9_p1-r4::gentoo  USE="X -X509 -audit -bindist -debug -hpn -kerberos -ldns -libedit -libressl -livecd -pam -pie -sctp (-selinux) ssl -static -test"

Can anyone offer further advice ? -- Thanks so far.

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
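
An added illustration, not part of the original message and not OpenSSH's own code: a simplified model of how ssh_config picks Host stanzas by the name typed on the command line (no '!' negation, no Match blocks), plus a check of a Ciphers list against the names the client supports. SUPPORTED_CIPHERS is a constructed sample standing in for the output of `ssh -Q cipher`, SAMPLE_CONFIG reuses the lines quoted above, and all function names are hypothetical.

```python
import fnmatch

# Constructed sample standing in for `ssh -Q cipher` output on an OpenSSH 7.6+
# client (assumption: run that command to get the list for your own build).
SUPPORTED_CIPHERS = {
    "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
    "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com",
}

# Constructed config reusing the stanza and Ciphers list quoted in the message.
SAMPLE_CONFIG = """\
Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
"""

def parse_stanzas(text):
    """Return [(host_patterns, options)]; lines before any Host apply to '*'."""
    stanzas = [(["*"], {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            stanzas.append((value.split(), {}))
        else:
            stanzas[-1][1].setdefault(key, value)  # first value wins
    return stanzas

def host_matches(patterns, name):
    """Host patterns are compared with the name as typed, not its resolved IP."""
    return any(fnmatch.fnmatchcase(name, pat) for pat in patterns)

def effective_options(text, name):
    """Merge options from every matching stanza, keeping the first value seen."""
    merged = {}
    for patterns, options in parse_stanzas(text):
        if host_matches(patterns, name):
            for key, value in options.items():
                merged.setdefault(key, value)
    return merged

def unsupported_ciphers(spec, supported=SUPPORTED_CIPHERS):
    """Names in a Ciphers list that the client does not recognise."""
    return [c for c in spec.lstrip("+-^").split(",") if c not in supported]
```

On a real system `ssh -G <name>` prints the options the client actually resolves for that name, which is the authoritative check.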

