From: Ulrich Hansen <my.gr...@mailbox.org>
--===============1286602081422601077== Content-Type: multipart/alternative; boundary="Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE" --Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Wow. I am stunned. This has solved the problem. I have spent more than a day searching for such a solution. I am now able to log into a Ubuntu 16.04 LTS server with OpenSSH 7.2 Client is a fresh install of FreeDOS 1.2 where I installed ssh2dos with "FDNPKG install ssh2dos" Thank you very, very much! Ulrich > Am 27.01.2017 um 06:39 schrieb Dan Schmidt <helpdesk...@gmail.com>: > > I forgot - you may need to regenerate your keys with "ssh-keygen -A" after modifying the server. > > On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <helpdesk...@gmail.com <mailto:helpdesk...@gmail.com>> wrote: > I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue? > > I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure. Using a token based login, such as google-authenticator, may be advisable if your server is public facing. > > Firstly, add this to your server's /etc/ssh/sshd_config: > > KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org <mailto:curve25519-sha...@libssh.org>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 > Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr > HostKeyAlgorithms +ssh-dss > > Then, make use of the -g option - it goes BEFORE your username in ssh2dos. You should now be able to connect. > > I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should. Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success. > > -Dan > > On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net <mailto:klewel...@shellworld.net>> wrote: > Hi Bill, > While I appreciate your desire for wisdom, I feel rather sure my specific situation will not apply to anyone else here most likely. > I use ssh2d386 to access at least one commercial shell, but those shell services are maintained by others. I am not for example accessing my own server. > If the servers you desire reaching are run by other people, give me an example and I will try. > If my many years of computing has taught me anything is that the word Personal is important for a reason. > Kare > > > > On Thu, 26 Jan 2017, William Dudley wrote: > > Karen, > > If you know how to get ssh2d386 to connect to a modern openssh, as on > Ubuntu 16.04, > please share the recipe with us! > > Thanks, > Bill Dudley > > > This email is free of malware because I run Linux. > > On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <klewel...@shellworld.net <mailto:klewel...@shellworld.net>> > wrote: > > Well, if you have given up no point in my sharing. > We use the same edition of Ubuntu, both with dreamhost who has my office, > and here at shellworld. > While the latter requires me to make use of a few ssh2021b options, the -g > option for example, I encounter no issues. > I am going to guess that things like machine speed, mine is a p3 with > allot of memory, impacts your situation. > nor, I would hope, your location in the world. > Sorry I did not notice your post before you abandoned the effort. > Kare > > > > On Fri, 27 Jan 2017, Ulrich Hansen wrote: > > > Am 26.01.2017 um 18:19 schrieb Karen Lewellen <klewel...@shellworld.net <mailto:klewel...@shellworld.net>>: > > As I am presently writing this e-mail using ssh2d386 from the ssh2dos > package ssh2021b, perhaps I can help you troubleshoot. > > > Hi Karen! > > I am using the exact same program and version. > > for the record, I am not using freedos, but the ms dos 7.10 package > mentioned on this list. > Still every day several times a day I connect to two different servers > using this package. > > > I guess your servers still run OpenSSH in versions earlier than 6.9. > > may I ask again what your issue is presently? > > > Actually I have given up on it. I spent another day trying to get it to > work, but without success. > > The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with > OpenSSH 7.2. > > SSH2D386 gives the message: > > Expected KEX_DH_GEX_GROUP > DH key exchange failed > > The server logs: > Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol > error: type 30 seq 1 [preauth] > Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received > disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO > > As I wrote I already had problems connecting to a Debian 8 server with > OpenSSH 6.7. > But there I could fix it with these lines in /etc/ssh/sshd_config on the > server. > > Ciphers aes128-cbc > KexAlgorithms diffie-hellman-group-exchange-sha1 > MACs hmac-sha1 > HostKeyAlgorithms ssh-css > > But in OpenSSH 7.2 this didnrCOt work. > > What else did I try? > > I tried to set MTU=576 in C:\FDOS\WATTCP.CFG. > > I tried to recompile OpenSSH. > The first time with adding this line in in compat.c: > { "SSHDOS*", SSH_OLD_DHGEX }, > The second time with this one: > { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX }, > > Both were not able to let SSH2D386 connect. It worked great with other > SSH clients. > > The idea was that SSH2DOS uses code from PuTTY and there were already > several exceptions in combat.c for old PuTTY versions. The reason seems to > be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did > not. See [1], [2]. > > I even looked at the SSH2DOS source code. But I have no experience with > OpenWatcom. I installed it but gave up, when I saw I also had to compile > the WATT32 TCP/IP stack. > > SSH2DOS uses PuTTY code, which is also Free Software. So in theory it > should be possible to replace the old PuTTY code with a more recent one. > > cheers > Ulrich > > > [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958 <https://forums.red-gate.com/viewtopic.php?f=198&t=78958> > [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ <http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/> > rfc4419.html > > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot <http://sdm.link/slashdot> > _______________________________________________ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/freedos-user <https://lists.sourceforge.net/lists/listinfo/freedos-user> > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot <http://sdm.link/slashdot> > _______________________________________________ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/freedos-user <https://lists.sourceforge.net/lists/listinfo/freedos-user> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot <http://sdm.link/slashdot> > _______________________________________________ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net <mailto:Freedos-user@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/freedos-user <https://lists.sourceforge.net/lists/listinfo/freedos-user> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! > http://sdm.link/slashdot_______________________________________________ > Freedos-user mailing list > Freedos-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freedos-user --Apple-Mail=_FB62985E-3376-4E71-8B37-98EBAD86AAFE Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Wow. I am stunned. This has solved the problem. I have spent more than a day searching for such a solution.</div><div class=""><br class=""></div><div class="">I am now able to log into a Ubuntu 16.04 LTS server with OpenSSH 7.2</div><div class="">Client is a fresh install of FreeDOS 1.2 where I installed ssh2dos with "FDNPKG install ssh2dos"</div><div class=""><br class=""></div><div class="">Thank you very, very much!</div><div class=""><br class=""></div><div class="">Ulrich</div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">Am 27.01.2017 um 06:39 schrieb Dan Schmidt <<a href="mailto:helpdesk...@gmail.com" class="">helpdesk...@gmail.com</a>>:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I forgot - you may need to regenerate your keys with "ssh-keygen -A" after modifying the server. </div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <span dir="ltr" class=""><<a href="mailto:helpdesk...@gmail.com" target="_blank" class="">helpdesk...@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue? <div class=""><br class="">I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure. Using a token based login, such as google-authenticator, may be advisable if your server is public facing. </div><div class=""><br class=""></div><div class="">Firstly, add this to your server's <span style="" class="">/etc/ssh/sshd_config:</span><br class=""><br class="">KexAlgorithms diffie-hellman-group1-sha1,<a href="mailto:curve25519-sha...@libssh.org" target="_blank" class="">cur<wbr class="">ve25519-sha...@libssh.org</a>,<wbr class="">ecdh-sha2-nistp256,ecdh-sha2-<wbr class="">nistp384,ecdh-sha2-nistp521,<wbr class="">diffie-hellman-group-exchange-<wbr class="">sha256,diffie-hellman-group14-<wbr class="">sha1<br class="">Ciphers 3des-cbc,blowfish-cbc,aes128-<wbr class="">cbc,aes128-ctr,aes256-ctr<br class="">HostKeyAlgorithms +ssh-dss<br class=""><br class="">Then, make use of the -g option - it goes BEFORE your username in ssh2dos. You should now be able to connect. </div><div class=""><br class="">I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should. Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success. </div><span class="HOEnZb"><font color="#888888" class=""><div class=""><br class=""></div><div class="">-Dan</div></font></span></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="h5">On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <span dir="ltr" class=""><<a href="mailto:klewel...@shellworld.net" target="_blank" class="">klewel...@shellworld.net</a>></span> wrote:<br class=""></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><div class="h5">Hi Bill,<br class=""> While I appreciate your desire for wisdom, I feel rather sure my specific situation will not apply to anyone else here most likely.<br class=""> I use ssh2d386 to access at least one commercial shell, but those shell services are maintained by others. I am not for example accessing my own server.<br class=""> If the servers you desire reaching are run by other people, give me an example and I will try.<br class=""> If my many years of computing has taught me anything is that the word Personal is important for a reason.<br class=""> Kare<div class="m_-2658655359570531662HOEnZb"><div class="m_-2658655359570531662h5"><br class=""> <br class=""> <br class=""> On Thu, 26 Jan 2017, William Dudley wrote:<br class=""> <br class=""> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Karen,<br class=""> <br class=""> If you know how to get ssh2d386 to connect to a modern openssh, as on<br class=""> Ubuntu 16.04,<br class=""> please share the recipe with us!<br class=""> <br class=""> Thanks,<br class=""> Bill Dudley<br class=""> <br class=""> <br class=""> This email is free of malware because I run Linux.<br class=""> <br class=""> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <<a href="mailto:klewel...@shellworld.net" target="_blank" class="">klewel...@shellworld.net</a>><br class=""> wrote:<br class=""> <br class=""> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Well, if you have given up no point in my sharing.<br class=""> We use the same edition of Ubuntu, both with dreamhost who has my office,<br class=""> and here at shellworld.<br class=""> While the latter requires me to make use of a few ssh2021b options, the -g<br class=""> option for example, I encounter no issues.<br class=""> I am going to guess that things like machine speed, mine is a p3 with<br class=""> allot of memory, impacts your situation.<br class=""> nor, I would hope, your location in the world.<br class=""> Sorry I did not notice your post before you abandoned the effort.<br class=""> Kare<br class=""> <br class=""> <br class=""> <br class=""> On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br class=""> <br class=""> <br class=""> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <<a href="mailto:klewel...@shellworld.net" target="_blank" class="">klewel...@shellworld.net</a>>:<br class=""> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br class=""> As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br class=""> package ssh2021b, perhaps I can help you troubleshoot.<br class=""> <br class=""> </blockquote> <br class=""> Hi Karen!<br class=""> <br class=""> I am using the exact same program and version.<br class=""> <br class=""> for the record, I am not using freedos, but the ms dos 7.10 package<br class=""> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> mentioned on this list.<br class=""> Still every day several times a day I connect to two different servers<br class=""> using this package.<br class=""> <br class=""> </blockquote> <br class=""> I guess your servers still run OpenSSH in versions earlier than 6.9.<br class=""> --- Internet Rex 2.29 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901) --- Synchronet 3.15a-Linux ListGate 1.3 * Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user