Re: [X2Go-User] kex error
Mihai Moldovan schrieb am 29.01.2016 um 18:38: > Note that libssh versions from 0.5.3 onwards also support the group14-sha1 key > exchange algorithm. Debian Wheezy is shipping 0.5.4, so that would be covered. > Unless you need even older client to connect to the server (for instance > Ubuntu > Precise), I suggest removing "diffie-hellman-group1-sha1" from the > KexAlgorithms > key again, because "diffie-hellman-group14-sha1" - which is also in the list - > should be enough to let X2Go Client (via libssh) connect to the server. i can confirm that "diffie-hellman-group1-sha1" ist not necessary with older x2go clients and "diffie-hellman-group14-sha1" is enough. Thanks for the hint! Regards Klaus ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
Stefan Baur schrieb am 29.01.2016 um 18:16: > which ends up in two lines in e-mail, due to the enforced line > break at the blank. ;-) Haha, sure Stefan :-) ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
On 29.01.2016 06:13 PM, KARL A. WOELFER wrote: > Mihai - > > Your tip was spot - on. Everything looks to be working now, thank you so much > for the troubleshooting. > Thanks to everyone for their support. As a general piece of advise: all lines in sshd_config (and ssh_config) are key-value pairs. If you don't specify a value for a key, sshd will either error out while parsing its config file during startup or assume an empty value for the key. Then, it will definitely error out while parsing the next line because it found an unknown key. Note that libssh versions from 0.5.3 onwards also support the group14-sha1 key exchange algorithm. Debian Wheezy is shipping 0.5.4, so that would be covered. Unless you need even older client to connect to the server (for instance Ubuntu Precise), I suggest removing "diffie-hellman-group1-sha1" from the KexAlgorithms key again, because "diffie-hellman-group14-sha1" - which is also in the list - should be enough to let X2Go Client (via libssh) connect to the server. Try setting KexAlgorithms to (I'll only post the value here, hope you can deduce the full line in sshd_config from my previous explanation -- and make sure that it's one line only, i.e., just copy-pasting from my mail may split it onto several lines): curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 Restart sshd and see if X2Go Client can connect. If it does not, try this: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 Restart sshd, X2Go Client connect. If it still does not, you'll need to use the original value, i.e.: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
Mihai - Your tip was spot - on. Everything looks to be working now, thank you so much for the troubleshooting. Thanks to everyone for their support. Best regards, - Karl De : Mihai Moldovan Envoyé : vendredi 29 janvier 2016 09:10 À : KARL A. WOELFER; x2go-user@lists.x2go.org Objet : Re: [X2Go-User] kex error On 29.01.2016 06:07 PM, KARL A. WOELFER wrote: > Thanks Mihai - > > Great point - I will check the ssh server. > Here is the sshd_config on the server (I commented out the KexAlgorithms > section, to re-enable normal ssh) : > [...] > # KexAlgorithms > # > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 You must NOT write this on two lines. This MUST be on one line. This is the reason sshd did not start. Mihai ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am 29.01.2016 um 18:14 schrieb Klaus Fuerstberger: > Option and value should be on one line. > > Here is my working entry: > > KexAlgorithms > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 ... > which ends up in two lines in e-mail, due to the enforced line break at the blank. ;-) - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWq55WAAoJEG7d9BjNvlEZUygH/j/4EPT/xN5M6/G0KjTNmPQ6 LBepYhFcUc7eSGJToM1EX7Pi1qa6kUuvWkQf0SJVdp5RI08H9COSSvULlqCZlc77 CRZLhEkYC7ngbdCaYPr6GQZkyBmbCinKo5udFozySLOhCv1LY5NC9+lggQpHcUcP TJdM/FhvDF7N9dVL/A0AKAGULPjduyThBdbUOo8zJZ91hxdQ+Gx3MCIhYZIaB97V dQQlm3WTQwAHNaB6NJSQUrXeawEzl8KKCvAyk11LbS5VGT0XdPl+NDWbbYZh5hTS 5cIDyDdzmmMh0+bRie0X1BnmydDEg/tvO4hMz8bUdjQCm2VrFg8PhpZLzUpBj1g= =f/aL -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
KARL A. WOELFER schrieb am 29.01.2016 um 18:03: > # KexAlgorithms > # > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 Option and value should be on one line. Here is my working entry: KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 Regards Klaus ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
On 29.01.2016 06:07 PM, KARL A. WOELFER wrote: > Thanks Mihai - > > Great point - I will check the ssh server. > Here is the sshd_config on the server (I commented out the KexAlgorithms > section, to re-enable normal ssh) : > [...] > # KexAlgorithms > # > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 You must NOT write this on two lines. This MUST be on one line. This is the reason sshd did not start. Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
Thank you for the quick response Stefan. I did pursue Option #2, but only adding a KexAlgorithms section to /etc/ssh/sshd_config on the server. Here is my sshd_config (with KexAlgorithms commented out, to re-enable regular ssh connections) # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 1024 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin without-password StrictModes yes # KexAlgorithms # curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes Thank you again for your time and expertise. - Karl De : x2go-user-boun...@lists.x2go.org de la part de Stefan Baur Envoyé : vendredi 29 janvier 2016 08:50 À : x2go-user@lists.x2go.org Objet : Re: [X2Go-User] kex error -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am 29.01.2016 um 17:37 schrieb KARL A. WOELFER: > Thank you Klaus - I added the workaround, on the Debian 8 x2go > server workstation, but now all ssh connections are refused. > > x2go client says "Connection refused". > > Is there something more to do? I see two options/workarounds listed at http://permalink.gmane.org/gmane.linux.terminal-server.x2go.user/2368 - I'm assuming you went for the second option, is that correct? If so, a copy of your /etc/ssh/sshd_config would greatly aid in helping you resolve this. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWq5hZAAoJEG7d9BjNvlEZaBoIAJQKmP8EqhtxqF1d1A09YCfq KHn8zZ2pE7UPeQAaTk/VTBSk2UPruN1yqAIU3v8nZsYgSGlL5CsS+T+RhByf6ND1 vRVvfvRJ2a4y68EeXHRz3E5OgD7XsWwNtIh4gqbbQj+bM9AqGe+Ho226Zb6ZyHZ2 VWH4Pc8qXI5ftybJTboMNE0U9sIM5zs0jkDYWNWvkBXszXmqUaekN/rPk256q76Y eT0VsLN1AptQYII0xwgHYF7pMrLfUERJ51FO81Zwj+l+J0mye6E08vAAE5plflXE ds2YJHpQbaJQLIDunWX34fx0lqSlw9/WMEONtpxvGbrZBhpnHb4R0Wp/EmJ7Lq0= =tjf8 -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
On 29.01.2016 05:37 PM, KARL A. WOELFER wrote: > Thank you Klaus - I added the workaround, on the Debian 8 x2go server > workstation, > but now all ssh connections are refused. > > x2go client says "Connection refused". > > Is there something more to do? "Connection refused" means that the SSH server is not running. Please make sure it is started. Maybe it was unable to parse the modified configuration file and fails starting as a consequence. Mihai signature.asc Description: OpenPGP digital signature ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am 29.01.2016 um 17:37 schrieb KARL A. WOELFER: > Thank you Klaus - I added the workaround, on the Debian 8 x2go > server workstation, but now all ssh connections are refused. > > x2go client says "Connection refused". > > Is there something more to do? I see two options/workarounds listed at http://permalink.gmane.org/gmane.linux.terminal-server.x2go.user/2368 - I'm assuming you went for the second option, is that correct? If so, a copy of your /etc/ssh/sshd_config would greatly aid in helping you resolve this. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWq5hZAAoJEG7d9BjNvlEZaBoIAJQKmP8EqhtxqF1d1A09YCfq KHn8zZ2pE7UPeQAaTk/VTBSk2UPruN1yqAIU3v8nZsYgSGlL5CsS+T+RhByf6ND1 vRVvfvRJ2a4y68EeXHRz3E5OgD7XsWwNtIh4gqbbQj+bM9AqGe+Ho226Zb6ZyHZ2 VWH4Pc8qXI5ftybJTboMNE0U9sIM5zs0jkDYWNWvkBXszXmqUaekN/rPk256q76Y eT0VsLN1AptQYII0xwgHYF7pMrLfUERJ51FO81Zwj+l+J0mye6E08vAAE5plflXE ds2YJHpQbaJQLIDunWX34fx0lqSlw9/WMEONtpxvGbrZBhpnHb4R0Wp/EmJ7Lq0= =tjf8 -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
Thank you Klaus - I added the workaround, on the Debian 8 x2go server workstation, but now all ssh connections are refused. x2go client says "Connection refused". Is there something more to do? Thank you for your time and expertise. - Karl De : x2go-user-boun...@lists.x2go.org de la part de Klaus Fuerstberger Envoyé : jeudi 28 janvier 2016 23:49 À : x2go-user@lists.x2go.org Objet : Re: [X2Go-User] kex error KARL A. WOELFER schrieb am 29.01.2016 um 01:20: > My previous X2go clients (V4.0.3.0, running on Debian 7) cannot connect to > this new server, giving the following. > kex error : did not find one of algos diffie-hellman-group1-sha1 in list > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 > for kex algos http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=472 Regards Klaus ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] kex error
KARL A. WOELFER schrieb am 29.01.2016 um 01:20: > My previous X2go clients (V4.0.3.0, running on Debian 7) cannot connect to > this new server, giving the following. > kex error : did not find one of algos diffie-hellman-group1-sha1 in list > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 > for kex algos http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=472 Regards Klaus ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
[X2Go-User] kex error RE: Debian 8.3 - packages cannot be installed
> maybe you enabled security.debian.org, but not ftp.debian.org? that was indeed what prevented installation, thank you ! Now, is there some new configuration with keys? My previous X2go clients (V4.0.3.0, running on Debian 7) cannot connect to this new server, giving the following. kex error : did not find one of algos diffie-hellman-group1-sha1 in list curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 for kex algos Thank you again for your time and expertise. - Karl De : x2go-user-boun...@lists.x2go.org de la part de Stefan Baur Envoyé : jeudi 28 janvier 2016 12:27 À : x2go-user@lists.x2go.org Objet : Re: [X2Go-User] Debian 8.3 - packages cannot be installed -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Am 28.01.2016 um 20:51 schrieb KARL A. WOELFER: > I am not able to install x2go on the latest Debian 8.3 (amd64). Is > this a known problem? Unable to reproduce. Works just fine here. You did run apt-get update before running apt-get install x2goserver, right? If not, please do so, and try again. If you did, or if the problem persists, please post the content of your sources.list. Your error messages might hint at missing Debian repositories (maybe you enabled security.debian.org, but not ftp.debian.org? - your sources.list will tell us more). Kind Regards, Stefan Baur - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWqnm6AAoJEG7d9BjNvlEZGp4H/38Ea+UGNPQhxjqeYmxPvoyG Z2I701XclUNIts7PdKsvFPbkiuVRCNrPsrU7o0aW8xD0quX23oUCAu29XWcrOZNa mRGmfjv1QTsVHVqJ3+WCl8yQfs9CmtUY23uhkpEg6TjjnG6otWMtGONRxmBJDeZo 9ChX2fSrZEjAVc9ICS6aOHQpQCXSv1Mwr+edDQ4dY7y0G/vN6amBc9MSoFFdMTfX Qeih8k3gbnO8/Vg5CLVx0wuf7/S5ugzClWcaa2vWUXVM/LTwzPu3nK9cMabo6mAp 3zaK4KXjdpjLwnA1XemJ8zLx2WhC5XTFwfYFq7FrYukDg2niHiAT/R5VMsZdzdo= =JbYW -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user