From: Dan Schmidt <helpdesk...@gmail.com>

--===============8947666473291029551==
Content-Type: multipart/alternative; boundary=001a11c00ea612aad70546e511ab

--001a11c00ea612aad70546e511ab
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

They deprecated that cipher - you can make it work, but it is vulnerable.
Also, ssh2dos is very unstable in my experience.  I wish somebody would
write a decent ssh for dos.

On Mon, Jan 23, 2017 at 1:21 AM, Ulrich Hansen <my.gr...@mailbox.org> wrote:

> Update:
>
> The solution I found last night seems to work only for older OpenSSH
> servers.
>
> For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:
>
> HostKeyAlgorithms ssh-dss
>
> to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by
> default since OpenSSH 6.9.
>
> But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.
>
> Perhaps someone has an idea?
>
> At the moment SSH2DOS can only be used to connect to older servers,
> running f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).
>
> So soon there will be no functioning SSH client anymore for FreeDOS. :-(
>
> Here are the messages:
>
> SSH2DOS error message is:
>
> C:\> ssh2d386 username 192.168.1.131
> SSH2DOS v0.2.1. 386+ version
> Expected KEX_DH_GEX_GROUP
> DH key exchange failed
> Remote host closed connection
> Socket write error. File: transprt.c, line:698
> Connection closed by peer
>
> On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log
> says:
>
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error:
> type 30 seq 1 [preauth]
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect
> from 192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from
> 192.168.1.110 port 564 [preauth]
>
>
> C:\> ssh2d386 -d username 192.168.1.131
>
> wrote the following output in C:\SSH2DOS\DEBUG.PKT:
>
> -------------------
>
> RECEIVED packet:
> 14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB
> B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31
> 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65
> 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
> 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65
> 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61
> 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C
> 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D
> 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D
> 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E
> 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61
> 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73
> 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
> 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68
> 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31
> 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E
> 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..m.H...*....1..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..umac-64-etm@op
> enssh.com,umac-1
> 28-etm@openssh.c
> om,hmac-sha2-256
> -e...@openssh.com
> ,hmac-sha2-512-e
> t...@openssh.com,h
> mac-sha1-etm@ope
> nssh.com,umac-64
> @openssh.com,uma
> c-...@openssh.co
> m,hmac-sha2-256,
> hmac-sha2-512,hm
> ac-sha1....umac-
> 64-etm@openssh.c
> om,umac-128-etm@
> openssh.com,hmac
> -sha2-256-etm@op
> enssh.com,hmac-s
> ha2-512-etm@open
> ssh.com,hmac-sha
> 1-...@openssh.co
> m,umac-64@openss
> h.com,umac-128@o
> penssh.com,hmac-
> sha2-256,hmac-sh
> a2-512,hmac-sha1
> ....none,zlib@op
> enssh.com....non
> e,zlib@openssh.c
> om.............
>
> SENT packet:
> 14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D
> CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> .%.......^;|....
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
>
> SENT packet:
> 1E 00 00 04 00
> .....
>
> RECEIVED packet:
> 03 00 00 00 01
> .....
>
> SENT packet:
> 03 00 00 00 02
> .....
>
> SENT packet:
> 01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65
> 64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F
> 55 50 00 00 00 00
> .........Expecte
> d KEX_DH_GEX_GRO
> UP....
>
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> b........pty-req
> .....xterm...P..
> ..............
>
> SENT packet:
> 62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01
> b........shell.
>
>
>
>
>
>
> > Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <my.gr...@mailbox.org>:
> >
> > Hi all,
> >
> > Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is
> great!
> >
> > Unfortunately even this free SSH client is getting a bit rusty, the
> latest version is 11 years old.
> >
> > As I found out, it wouldnrCOt connect to my server (Ubuntu 16.04 LTS).
> > But it still connected fine to a Debian Wheezy machine.
> >
> > In the end I found the problem: OpenSSH versions >=6.7 have disabled a
> necessary KexAlgorithm and a Cipher.
> >
> > Here is a report. I also posted it on the SSH2DOS page on SourceForge.
> >
> > Hope this helps others eventually...
> > Ulrich
> >
> >
> >
> > 1. The solution:
> >
> > Add the following lines to /etc/ssh/sshd_config on the server:
> >
> > Ciphers aes128-cbc
> > KexAlgorithms diffie-hellman-group-exchange-sha1
> >
> >
> > 2. The problem:
> >
> > SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
> >
> > But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> > It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
> >
> > SSH2DOS gives the following error code:
> >
> > C:\> ssh2d386 username 192.168.1.136
> > SSH2DOS v0.2.1. 386+ version
> > Remote host closed connection
> > DH key exchange failed
> > Socket write error. File: transprt.c, line:698
> > Remote reset connection
> >
> > On the server /var/log/auth.log says:
> > Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key
> exchange method [preauth]
> >
> > SSH2D386 with the -d option writes the following DEBUG.PKT:
> >
> >
> > -------------------
> >
> > RECEIVED packet:
> > 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
> > E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
> > 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
> > 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
> > 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
> > 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
> > 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
> > 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
> > 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
> > 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
> > 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
> > 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
> > 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
> > 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
> > 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
> > 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> > 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> > 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> > 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> > 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> > 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> > 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> > 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> > 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> > 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> > 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
> > 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
> > 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> > 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
> > 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
> > 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
> > 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
> > 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
> > 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
> > 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
> > 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
> > 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
> > 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
> > 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> > 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> > 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
> > 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
> > 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
> > 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
> > 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
> > 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
> > 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
> > 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
> > 00
> > .c.{i......i.2.&
> > .....curve25519-
> > sha...@libssh.or
> > g,ecdh-sha2-nist
> > p256,ecdh-sha2-n
> > istp384,ecdh-sha
> > 2-nistp521,diffi
> > e-hellman-group-
> > exchange-sha256,
> > diffie-hellman-g
> > roup14-sha1...As
> > sh-rsa,rsa-sha2-
> > 512,rsa-sha2-256
> > ,ecdsa-sha2-nist
> > p256,ssh-ed25519
> > ...lchacha20-pol
> > y1...@openssh.co
> > m,aes128-ctr,aes
> > 192-ctr,aes256-c
> > tr,aes128-gcm@op
> > enssh.com,aes256
> > -g...@openssh.com
> > ...lchacha20-pol
> > y1...@openssh.co
> > m,aes128-ctr,aes
> > 192-ctr,aes256-c
> > tr,aes128-gcm@op
> > enssh.com,aes256
> > -g...@openssh.com
> > ....umac-64-etm@
> > openssh.com,umac
> > -128-etm@openssh
> > .com,hmac-sha2-2
> > 56-etm@openssh.c
> > om,hmac-sha2-512
> > -e...@openssh.com
> > ,hmac-sha1-etm@o
> > penssh.com,umac-
> > 6...@openssh.com,u
> > mac-128@openssh.
> > com,hmac-sha2-25
> > 6,hmac-sha2-512,
> > hmac-sha1....uma
> > c-64-etm@openssh
> > .com,umac-128-et
> > m...@openssh.com,hm
> > ac-sha2-256-etm@
> > openssh.com,hmac
> > -sha2-512-etm@op
> > enssh.com,hmac-s
> > ha1-etm@openssh.
> > com,umac-64@open
> > ssh.com,umac-128
> > @openssh.com,hma
> > c-sha2-256,hmac-
> > sha2-512,hmac-sh
> > a1....none,zlib@
> > openssh.com....n
> > one,zlib@openssh
> > .com............
> > .
> >
> > SENT packet:
> > 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
> > FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> > 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> > 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> > 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> > 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> > 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> > 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> > 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> > 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> > ..s....H..at.A..
> > ...."diffie-hell
> > man-group-exchan
> > ge-sha1....ssh-d
> > ss....aes128-cbc
> > ....aes128-cbc..
> > ..hmac-sha1....h
> > mac-sha1....none
> > ,zlib....none,zl
> > ib.............
> >
> > SENT packet:
> > 1E 00 00 04 00
> > .....
> >
> > SENT packet:
> > 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> > 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> > 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> > b........pty-req
> > .....xterm...P..
> > ..............
> > ------------------------------------------------------------
> ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Freedos-user mailing list
> > Freedos-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>

--001a11c00ea612aad70546e511ab
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir="ltr">They deprecated that cipher - you can make it work, but it is
vulnerable.-a Also,-assh2dos is very unstable in my experience.-a I wish
somebody would write a decent ssh for dos. -a</div><div
class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 23, 2017 at 1:21
AM, Ulrich Hansen <span dir="ltr">&lt;<a href="mailto:my.gr...@mailbox.org";
target="_blank">my.gr...@mailbox.org</a>&gt;</span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Update:<br>
<br>
The solution I found last night seems to work only for older OpenSSH
servers.<br>
<br>
For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:<br>
<br>
HostKeyAlgorithms ssh-dss<br>
<br>
to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by
default since OpenSSH 6.9.<br>
<br>
But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.<br>
<br>
Perhaps someone has an idea?<br>
<br>
At the moment SSH2DOS can only be used to connect to older servers, running
f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).<br>
<br>
So soon there will be no functioning SSH client anymore for FreeDOS. :-(<br>
<br>
Here are the messages:<br>
<br>
SSH2DOS error message is:<br>
<br>
C:\&gt; ssh2d386 username 192.168.1.131<br>
SSH2DOS v0.2.1. 386+ version<br>
Expected KEX_DH_GEX_GROUP<br>
DH key exchange failed<br>
Remote host closed connection<br>
Socket write error. File: transprt.c, line:698<br>
Connection closed by peer<br>
<br>
On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log
says:<br>
<br>
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type
30 seq 1 [preauth]<br>
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from
192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]<br>

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user

Reply via email to