Public bug reported: Cannot ssh after clients moved to openssh 7.5p
Client has openssh 7.5p. Server has openssh 7.4p from Apt on Ubuntu 17.04. After client upgraded to 7.5p, openssh deprecated some ciphers and algorithms such that user can no longer ssh into the server. This is happening despite having added those deprecated stuff as ssh arguments. It's failing at password with message 'permission denied' ssh -vvv shows $ ssh [email protected] -vvv OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017 debug1: Reading configuration data /home/toad/.ssh/config debug1: /home/toad/.ssh/config line 1: Applying options for toatoge.hopto.org debug3: kex names ok: [diffie-hellman-group1-sha1] debug2: resolving "toatoge.hopto.org" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to toatoge.hopto.org [45.72.147.1] port 22. debug1: Connection established. debug1: identity file /home/toad/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/toad/.ssh/id_rsa-cert type -1 debug1: identity file /home/toad/.ssh/id_dsa type 2 debug1: key_load_public: No such file or directory debug1: identity file /home/toad/.ssh/id_dsa-cert type -1 debug1: identity file /home/toad/.ssh/id_ecdsa type 3 debug1: key_load_public: No such file or directory debug1: identity file /home/toad/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/toad/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/toad/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.5 debug1: Remote protocol version 2.0, remote software version dropbear_0.46 debug1: no match: dropbear_0.46 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to toatoge.hopto.org:22 as 'toge' debug3: hostkeys_foreach: reading file "/home/toad/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/toad/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from toatoge.hopto.org debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: 3des-cbc debug2: ciphers stoc: 3des-cbc debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa debug2: ciphers ctos: 3des-cbc debug2: ciphers stoc: 3des-cbc debug2: MACs ctos: hmac-sha1,hmac-md5 debug2: MACs stoc: hmac-sha1,hmac-md5 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group1-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none debug1: sending SSH2_MSG_KEXDH_INIT debug2: bits set: 521/1024 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:MQXcP/tTXWJKfrytgQwPZgJyAt0WqdZTjRJ9qBeHQl8 debug3: hostkeys_foreach: reading file "/home/toad/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/toad/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from toatoge.hopto.org debug3: hostkeys_foreach: reading file "/home/toad/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/toad/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from 45.72.147.1 debug1: Host 'toatoge.hopto.org' is known and matches the RSA host key. debug1: Found key in /home/toad/.ssh/known_hosts:1 debug2: bits set: 496/1024 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /home/toad/.ssh/id_rsa (0x60005ffd0) debug1: Skipping ssh-dss key /home/toad/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes debug2: key: /home/toad/.ssh/id_ecdsa (0x60007c8a0) debug2: key: /home/toad/.ssh/id_ed25519 (0x0) debug3: send packet: type 5 debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/toad/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Offering ECDSA public key: /home/toad/.ssh/id_ecdsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/toad/.ssh/id_ed25519 debug3: no such identity: /home/toad/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: ubuntu-release-upgrader-core 1:17.04.9 ProcVersionSignature: Ubuntu 4.10.0-28.32-generic 4.10.17 Uname: Linux 4.10.0-28-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.5 Architecture: amd64 CrashDB: ubuntu Date: Sun Sep 3 08:12:26 2017 InstallationDate: Installed on 2017-07-14 (51 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: ubuntu-release-upgrader Symptom: release-upgrade UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: ubuntu-release-upgrader (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug dist-upgrade zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714774 Title: Cannot ssh into Ubuntu server anymore To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1714774/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
