Am 19.10.2015 17:06, schrieb Robert Dinse:
the new version of openssh disabled certain insecure ciphers...
Version7 is what you mean. I use 6.9 on both client and server.
you can add the following line to your /etc/ssh/sshd_config manually enable the insecure old ciphers:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Adding these ciphers doesn't help - same algo error,
Thats wired coz I can ssh to the server without any issues.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Mon, 19 Oct 2015, is@k4ts.net wrote:
Date: Mon, 19 Oct 2015 15:12:43 +0200 From: is@k4ts.net To: x2go-user@lists.x2go.org Subject: [X2Go-User] ssh kex error
hi, i'm not able to connect to my new hardened gentoo server using x2go.
No matter which key type i select for the connection, the client (v. 4.0.5.0) terminates with the following:
kex error : no match for method server host key algo: server [ssh-rsa,ssh-ed25519], client [ecdsa-sha2-nistp256]
I have rsa and ed25519 keys on my client and server.
sshing from the shell works like always. log is attached.
do you have an idea, whats might wrong?
thx, k4t
k4tfish@e10 ~ $ ssh k4tfish@host OpenSSH_6.9p1-hpn14v5, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to host.net port 51822. debug1: Connection established. debug1: identity file /home/k4tfish/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/k4tfish/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9p1-hpn14v5 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1-hpn14v5 debug1: match: OpenSSH_6.9p1-hpn14v5 pat OpenSSH* compat 0x04000000 debug1: Authenticating to host...net:51822 as 'k4tfish' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com' debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com' debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:xyz debug1: Host '[host.net]:51822' is known and matches the ED25519 host key. debug1: Found key in /home/k4tfish/.ssh/known_hosts:203 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/k4tfish/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to host ([123.123.456.7]:51822). debug1: Final hpn_buffer_size = 2097152 debug1: HPN Disabled: 0, HPN Buffer Size: 2097152 debug1: channel 0: new [client-session] debug1: Enabled Dynamic Window Scaling debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Sending environment. debug1: Sending env LC_COLLATE = C debug1: Sending env LANG = en_US.utf8
x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Hi, I have a connection to a x2go server (slurm login node) that works fine, but my issue is that when I open a terminal and try to ssh into a node it just hangs until it times out.
Is there any restriction for it?
I am connecting to the x2go server using password or ssh key, and trying to ssh to the node using ssh key or password, it doesn't matter.
Thanks.
Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó:
Hi, I have a connection to a x2go server (slurm login node) that works fine, but my issue is that when I open a terminal and try to ssh into a node it just hangs until it times out.
Is there any restriction for it?
I am connecting to the x2go server using password or ssh key, and trying to ssh to the node using ssh key or password, it doesn't matter.
Thanks.
Using a key file isn't trivial in this situation. I would suggest making your first attempts using a regular username/password combinations.
First, try pinging the destination server from within the X2Go session.
If you can't ping it, the problem might not be with SSH but with an underlying network (mis)configuration). Running traceroute and looking at/posting the output can't hurt, either.
Also, crank up the verbosity level of the ssh client inside the X2Go session like so:
ssh -vvv user@host
You might also want to try to ping with larger packet sizes, like so:
ping -s 1500 host
if a regular ping works, but it fails when specifying "-s 1500", it might be an MTU issue. Start decreasing the number until you can get a successful ping through, then set the MTU on the interface to that value.
-Stefan
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
That was exactly it.... Thanks a lot.
It was weird, since I would say that I had it working before, and I don't remember any change going on the infrastructure.
But thanks a lot.
On 13/11/18 16:14, Stefan Baur wrote:
Am 13.11.18 um 15:49 schrieb Josep Manel Andrés Moscardó:
Hi, I have a connection to a x2go server (slurm login node) that works fine, but my issue is that when I open a terminal and try to ssh into a node it just hangs until it times out.
Is there any restriction for it?
I am connecting to the x2go server using password or ssh key, and trying to ssh to the node using ssh key or password, it doesn't matter.
Thanks.
Using a key file isn't trivial in this situation. I would suggest making your first attempts using a regular username/password combinations.
First, try pinging the destination server from within the X2Go session.
If you can't ping it, the problem might not be with SSH but with an underlying network (mis)configuration). Running traceroute and looking at/posting the output can't hurt, either.
Also, crank up the verbosity level of the ssh client inside the X2Go session like so:
ssh -vvv user@host
You might also want to try to ping with larger packet sizes, like so:
ping -s 1500 host
if a regular ping works, but it fails when specifying "-s 1500", it might be an MTU issue. Start decreasing the number until you can get a successful ping through, then set the MTU on the interface to that value.
-Stefan
-- Josep Manel Andrés Moscardó Systems Engineer, IT Operations EMBL Heidelberg T +49 6221 387-8394