From: Ulrich Hansen <my.gr...@mailbox.org>
--===============1286602081422601077==
Content-Type: multipart/alternative;
boundary="Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE"
--Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Wow. I am stunned. This has solved the problem. I have spent more than a day
searching for such a solution.
I am now able to log into a Ubuntu 16.04 LTS server with OpenSSH 7.2
Client is a fresh install of FreeDOS 1.2 where I installed ssh2dos with "FDNPKG
install ssh2dos"
Thank you very, very much!
Ulrich
> Am 27.01.2017 um 06:39 schrieb Dan Schmidt <helpdesk...@gmail.com>:
>
> I forgot - you may need to regenerate your keys with "ssh-keygen -A" after
modifying the server.
>
> On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <helpdesk...@gmail.com
<mailto:helpdesk...@gmail.com>> wrote:
> I am unsure what it is that makes ssh2dos so unstable for me - nobody else
has this issue?
>
> I would like to answer Ulrich on how he can modify his Ubuntu server, but
first, a warning: These algorithms were disabled because they are obsolete and
insecure. Using a token based login, such as google-authenticator, may be
advisable if your server is public facing.
>
> Firstly, add this to your server's /etc/ssh/sshd_config:
>
> KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org
<mailto:curve25519-sha...@libssh.org>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
> HostKeyAlgorithms +ssh-dss
>
> Then, make use of the -g option - it goes BEFORE your username in ssh2dos.
You should now be able to connect.
>
> I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it
seems it should. Also, I was in a rush - I may be excluding some newer options
- report back if you find/add them with success.
>
> -Dan
>
> On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net
<mailto:klewel...@shellworld.net>> wrote:
> Hi Bill,
> While I appreciate your desire for wisdom, I feel rather sure my specific
situation will not apply to anyone else here most likely.
> I use ssh2d386 to access at least one commercial shell, but those shell
services are maintained by others. I am not for example accessing my own
server.
> If the servers you desire reaching are run by other people, give me an
example and I will try.
> If my many years of computing has taught me anything is that the word
Personal is important for a reason.
> Kare
>
>
>
> On Thu, 26 Jan 2017, William Dudley wrote:
>
> Karen,
>
> If you know how to get ssh2d386 to connect to a modern openssh, as on
> Ubuntu 16.04,
> please share the recipe with us!
>
> Thanks,
> Bill Dudley
>
>
> This email is free of malware because I run Linux.
>
> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <klewel...@shellworld.net
<mailto:klewel...@shellworld.net>>
> wrote:
>
> Well, if you have given up no point in my sharing.
> We use the same edition of Ubuntu, both with dreamhost who has my office,
> and here at shellworld.
> While the latter requires me to make use of a few ssh2021b options, the -g
> option for example, I encounter no issues.
> I am going to guess that things like machine speed, mine is a p3 with
> allot of memory, impacts your situation.
> nor, I would hope, your location in the world.
> Sorry I did not notice your post before you abandoned the effort.
> Kare
>
>
>
> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>
>
> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <klewel...@shellworld.net
<mailto:klewel...@shellworld.net>>:
>
> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
> package ssh2021b, perhaps I can help you troubleshoot.
>
>
> Hi Karen!
>
> I am using the exact same program and version.
>
> for the record, I am not using freedos, but the ms dos 7.10 package
> mentioned on this list.
> Still every day several times a day I connect to two different servers
> using this package.
>
>
> I guess your servers still run OpenSSH in versions earlier than 6.9.
>
> may I ask again what your issue is presently?
>
>
> Actually I have given up on it. I spent another day trying to get it to
> work, but without success.
>
> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
> OpenSSH 7.2.
>
> SSH2D386 gives the message:
>
> Expected KEX_DH_GEX_GROUP
> DH key exchange failed
>
> The server logs:
> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
> error: type 30 seq 1 [preauth]
> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>
> As I wrote I already had problems connecting to a Debian 8 server with
> OpenSSH 6.7.
> But there I could fix it with these lines in /etc/ssh/sshd_config on the
> server.
>
> Ciphers aes128-cbc
> KexAlgorithms diffie-hellman-group-exchange-sha1
> MACs hmac-sha1
> HostKeyAlgorithms ssh-css
>
> But in OpenSSH 7.2 this didnrCOt work.
>
> What else did I try?
>
> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>
> I tried to recompile OpenSSH.
> The first time with adding this line in in compat.c:
> { "SSHDOS*", SSH_OLD_DHGEX },
> The second time with this one:
> { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>
> Both were not able to let SSH2D386 connect. It worked great with other
> SSH clients.
>
> The idea was that SSH2DOS uses code from PuTTY and there were already
> several exceptions in combat.c for old PuTTY versions. The reason seems to
> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did
> not. See [1], [2].
>
> I even looked at the SSH2DOS source code. But I have no experience with
> OpenWatcom. I installed it but gave up, when I saw I also had to compile
> the WATT32 TCP/IP stack.
>
> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
> should be possible to replace the old PuTTY code with a more recent one.
>
> cheers
> Ulrich
>
>
> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
<https://forums.red-gate.com/viewtopic.php?f=198&t=78958>
> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
<http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/>
> rfc4419.html
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
<http://sdm.link/slashdot>
> _______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/freedos-user
<https://lists.sourceforge.net/lists/listinfo/freedos-user>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
<http://sdm.link/slashdot>
> _______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/freedos-user
<https://lists.sourceforge.net/lists/listinfo/freedos-user>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
<http://sdm.link/slashdot>
> _______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/freedos-user
<https://lists.sourceforge.net/lists/listinfo/freedos-user>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org!
> http://sdm.link/slashdot_______________________________________________
> Freedos-user mailing list
> Freedos-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freedos-user
--Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv="Content-Type" content="text/html
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode:
space; -webkit-line-break: after-white-space;" class=""><div class="">Wow. I am
stunned. This has solved the problem. I have spent more than a day searching
for such a solution.</div><div class=""><br class=""></div><div class="">I am
now able to log into a Ubuntu 16.04 LTS server with OpenSSH 7.2</div><div
class="">Client is a fresh install of FreeDOS 1.2 where I installed ssh2dos
with "FDNPKG install ssh2dos"</div><div class=""><br class=""></div><div
class="">Thank you very, very much!</div><div class=""><br class=""></div><div
class="">Ulrich</div><div class=""><br class=""></div><div class=""><br
class=""></div><br class=""><div><blockquote type="cite" class=""><div
class="">Am 27.01.2017 um 06:39 schrieb Dan Schmidt <<a
href="mailto:helpdesk...@gmail.com";
class="">helpdesk...@gmail.com</a>>:</div><br
class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I
forgot - you may need to regenerate your keys with "ssh-keygen -A" after
modifying the server. </div><div class="gmail_extra"><br class=""><div
class="gmail_quote">On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <span
dir="ltr" class=""><<a href="mailto:helpdesk...@gmail.com"; target="_blank"
class="">helpdesk...@gmail.com</a>></span> wrote:<br class=""><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"><div dir="ltr" class="">I am unsure what it is that
makes ssh2dos so unstable for me - nobody else has this issue? <div
class=""><br class="">I would like to answer Ulrich on how he can modify his
Ubuntu server, but first, a warning: These algorithms were disabled because
they are obsolete and insecure. Using a token based login, such as
google-authenticator,
may be advisable if your server is public facing. </div><div class=""><br
class=""></div><div class="">Firstly, add this to your server's <span
style="" class="">/etc/ssh/sshd_config:</span><br class=""><br
class="">KexAlgorithms diffie-hellman-group1-sha1,<a
href="mailto:curve25519-sha...@libssh.org"; target="_blank" class="">cur<wbr
class="">ve25519-sha...@libssh.org</a>,<wbr
class="">ecdh-sha2-nistp256,ecdh-sha2-<wbr
class="">nistp384,ecdh-sha2-nistp521,<wbr
class="">diffie-hellman-group-exchange-<wbr
class="">sha256,diffie-hellman-group14-<wbr class="">sha1<br class="">Ciphers
3des-cbc,blowfish-cbc,aes128-<wbr class="">cbc,aes128-ctr,aes256-ctr<br
class="">HostKeyAlgorithms +ssh-dss<br class=""><br class="">Then, make use of
the -g option - it goes BEFORE your username in ssh2dos. You should now
be able to connect. </div><div class=""><br class="">I do not know why
simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it
should. Also, I was
in a rush - I may be excluding some newer options - report back if you find/add
them with success. </div><span class="HOEnZb"><font color="#888888"
class=""><div class=""><br class=""></div><div
class="">-Dan</div></font></span></div><div class="gmail_extra"><br
class=""><div class="gmail_quote"><div class=""><div class="h5">On Thu, Jan 26,
2017 at 9:42 PM, Karen Lewellen <span dir="ltr" class=""><<a
href="mailto:klewel...@shellworld.net"; target="_blank"
class="">klewel...@shellworld.net</a>></span> wrote:<br
class=""></div></div><blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><div
class="h5">Hi Bill,<br class="">
While I appreciate your desire for wisdom, I feel rather sure my specific
situation will not apply to anyone else here most likely.<br class="">
I use ssh2d386 to access at least one commercial shell, but those shell
services are maintained by others. I am not for example accessing my own
server.<br class="">
If the servers you desire reaching are run by other people, give me an
example and I will try.<br class="">
If my many years of computing has taught me anything is that the word
Personal is important for a reason.<br class="">
Kare<div class="m_-2658655359570531662HOEnZb"><div
class="m_-2658655359570531662h5"><br class="">
<br class="">
<br class="">
On Thu, 26 Jan 2017, William Dudley wrote:<br class="">
<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Karen,<br class="">
<br class="">
If you know how to get ssh2d386 to connect to a modern openssh, as on<br
class="">
Ubuntu 16.04,<br class="">
please share the recipe with us!<br class="">
<br class="">
Thanks,<br class="">
Bill Dudley<br class="">
<br class="">
<br class="">
This email is free of malware because I run Linux.<br class="">
<br class="">
On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <<a
href="mailto:klewel...@shellworld.net"; target="_blank"
class="">klewel...@shellworld.net</a>><br class="">
wrote:<br class="">
<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Well, if you have given up no point in my sharing.<br class="">
We use the same edition of Ubuntu, both with dreamhost who has my office,<br
class="">
and here at shellworld.<br class="">
While the latter requires me to make use of a few ssh2021b options, the -g<br
class="">
option for example, I encounter no issues.<br class="">
I am going to guess that things like machine speed, mine is a p3 with<br
class="">
allot of memory, impacts your situation.<br class="">
nor, I would hope, your location in the world.<br class="">
Sorry I did not notice your post before you abandoned the effort.<br
class="">
Kare<br class="">
<br class="">
<br class="">
<br class="">
On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br class="">
<br class="">
<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Am 26.01.2017 um 18:19 schrieb Karen Lewellen <<a
href="mailto:klewel...@shellworld.net"; target="_blank"
class="">klewel...@shellworld.net</a>>:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br class="">
As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br
class="">
package ssh2021b, perhaps I can help you troubleshoot.<br class="">
<br class="">
</blockquote>
<br class="">
Hi Karen!<br class="">
<br class="">
I am using the exact same program and version.<br class="">
<br class="">
for the record, I am not using freedos, but the ms dos 7.10 package<br
class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
mentioned on this list.<br class="">
Still every day several times a day I connect to two different servers<br
class="">
using this package.<br class="">
<br class="">
</blockquote>
<br class="">
I guess your servers still run OpenSSH in versions earlier than 6.9.<br
class="">
--- Internet Rex 2.29
* Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
* Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
