From: Dan Schmidt <helpdesk...@gmail.com>

I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue?

I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure. Using a token based login, such as google-authenticator, may be advisable if your server is public facing.

Firstly, add this to your server's /etc/ssh/sshd_config:

KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss

Then, make use of the -g option - it goes BEFORE your username in ssh2dos. You should now be able to connect.

I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should. Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success.

-Dan

On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net> wrote:

> Hi Bill,
> While I appreciate your desire for wisdom, I feel rather sure my specific
> situation will not apply to anyone else here most likely.
> I use ssh2d386 to access at least one commercial shell, but those shell
> services are maintained by others. I am not for example accessing my own
> server.
> If the servers you desire reaching are run by other people, give me an
> example and I will try.
> If my many years of computing has taught me anything is that the word
> Personal is important for a reason.
> Kare
>
> On Thu, 26 Jan 2017, William Dudley wrote:
>
>> Karen,
>>
>> If you know how to get ssh2d386 to connect to a modern openssh, as on
>> Ubuntu 16.04,
>> please share the recipe with us!
>>
>> Thanks,
>> Bill Dudley
>>
>> This email is free of malware because I run Linux.
>>
>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <klewel...@shellworld.net> wrote:
>>
>>> Well, if you have given up no point in my sharing.
>>> We use the same edition of Ubuntu, both with dreamhost who has my office,
>>> and here at shellworld.
>>> While the latter requires me to make use of a few ssh2021b options, the -g
>>> option for example, I encounter no issues.
>>> I am going to guess that things like machine speed, mine is a p3 with
>>> a lot of memory, impacts your situation.
>>> nor, I would hope, your location in the world.
>>> Sorry I did not notice your post before you abandoned the effort.
>>> Kare
>>>
>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>>>
>>>> On 26.01.2017 at 18:19, Karen Lewellen <klewel...@shellworld.net> wrote:
>>>>
>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>>>> package ssh2021b, perhaps I can help you troubleshoot.
>>>>
>>>> Hi Karen!
>>>>
>>>> I am using the exact same program and version.
>>>>
>>>>> for the record, I am not using freedos, but the ms dos 7.10 package
>>>>> mentioned on this list.
>>>>> Still every day several times a day I connect to two different servers
>>>>> using this package.
>>>>
>>>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>>>
>>>>> may I ask again what your issue is presently?
>>>>
>>>> Actually I have given up on it. I spent another day trying to get it to
>>>> work, but without success.
>>>>
>>>> The problem is that I can't connect to an Ubuntu 16.04 LTS server with
>>>> OpenSSH 7.2.
>>>>
>>>> SSH2D386 gives the message:
>>>>
>>>>   Expected KEX_DH_GEX_GROUP
>>>>   DH key exchange failed
>>>>
>>>> The server logs:
>>>>   Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error: type 30 seq 1 [preauth]
>>>>   Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>>>
>>>> As I wrote I already had problems connecting to a Debian 8 server with
>>>> OpenSSH 6.7.
>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on the
>>>> server.
>>>>
>>>>   Ciphers aes128-cbc
>>>>   KexAlgorithms diffie-hellman-group-exchange-sha1
>>>>   MACs hmac-sha1
>>>>   HostKeyAlgorithms ssh-css
>>>>
>>>> But in OpenSSH 7.2 this didn't work.
>>>>
>>>> What else did I try?
>>>>
>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>>>
>>>> I tried to recompile OpenSSH.
>>>> The first time with adding this line in compat.c:
>>>>   { "SSHDOS*", SSH_OLD_DHGEX },
>>>> The second time with this one:
>>>>   { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>>>
>>>> Both were not able to let SSH2D386 connect. It worked great with other
>>>> SSH clients.
>>>>
>>>> The idea was that SSH2DOS uses code from PuTTY and there were already
>>>> several exceptions in compat.c for old PuTTY versions. The reason seems to
>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did
>>>> not. See [1], [2].
>>>>
>>>> I even looked at the SSH2DOS source code. But I have no experience with
>>>> OpenWatcom. I installed it but gave up, when I saw I also had to compile
>>>> the WATT32 TCP/IP stack.
>>>>
>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>>>> should be possible to replace the old PuTTY code with a more recent one.
>>>>
>>>> cheers
>>>> Ulrich
>>>>
>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 * Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
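
Added example (not from the thread, from any poster, or from OpenSSH): a small Python audit that reads an sshd_config and reports which of the legacy names enabled in this thread are present, and whether each directive replaces sshd's default list or appends to it with the + prefix Dan mentions. The LEGACY set, the function name and the sample config are constructed for this example; only the global section before the first Match block is checked.

```python
import re

# Legacy names taken from the configs quoted in this thread. Treating exactly
# this set as weak is an assumption of the example, not a list from OpenSSH.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "ciphers": {"3des-cbc", "blowfish-cbc", "aes128-cbc"},
    "hostkeyalgorithms": {"ssh-dss"},
}

# Constructed sample modelled on the settings posted above (shortened).
SAMPLE = """\
# legacy DOS client support
KexAlgorithms diffie-hellman-group1-sha1,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss
"""

def audit_sshd_config(text):
    """Return (keyword, mode, legacy_names) for each directive enabling legacy names.

    mode is "replace" when the list overrides sshd's defaults, so every modern
    algorithm left out is dropped as well, or "append" for a +/^ prefixed list.
    """
    seen, findings = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].replace(" ", "")
        if key == "match":
            break  # only the global section is audited
        if key not in LEGACY or key in seen:
            continue
        seen.add(key)  # sshd keeps the first value it reads for a keyword
        if value.startswith("-"):
            continue  # a "-" list only removes names from the defaults
        mode = "append" if value.startswith(("+", "^")) else "replace"
        names = set(value.lstrip("+^").split(","))
        legacy = sorted(LEGACY[key] & names)
        if legacy:
            findings.append((key, mode, legacy))
    return findings

if __name__ == "__main__":
    for key, mode, names in audit_sshd_config(SAMPLE):
        print(f"{key}: {mode} list enables {', '.join(names)}")
```

A "replace" finding is the one to look at first: the directive also removes every default algorithm it does not list, which is how newer options end up excluded.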