On 29.01.2016 06:07 PM, KARL A. WOELFER wrote:
Thanks Mihai -
Great point - I will check the ssh server. Here is the sshd_config on the server (I commented out the KexAlgorithms section, to re-enable normal ssh) :
[...]
# KexAlgorithms
# curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
You must NOT write this on two lines. This MUST be on one line.
This is the reason sshd did not start.
Mihai
Mihai -
Your tip was spot-on. Everything looks to be working now, thank you so much for the troubleshooting. Thanks to everyone for their support.
Best regards,
From: Mihai Moldovan <ionic@ionic.de> Sent: Friday, 29 January 2016 09:10 To: KARL A. WOELFER; x2go-user@lists.x2go.org Subject: Re: [X2Go-User] kex error
On 29.01.2016 06:07 PM, KARL A. WOELFER wrote:
Thanks Mihai -
Great point - I will check the ssh server. Here is the sshd_config on the server (I commented out the KexAlgorithms section, to re-enable normal ssh) :
[...]
# KexAlgorithms
# curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
You must NOT write this on two lines. This MUST be on one line.
This is the reason sshd did not start.
Mihai
On 29.01.2016 06:13 PM, KARL A. WOELFER wrote:
Mihai -
Your tip was spot-on. Everything looks to be working now, thank you so much for the troubleshooting. Thanks to everyone for their support.
As a general piece of advice: all lines in sshd_config (and ssh_config) are key-value pairs. If you don't specify a value for a key, sshd will either error out while parsing its config file during startup or assume an empty value for the key. Then, it will definitely error out while parsing the next line because it found an unknown key.
Note that libssh versions from 0.5.3 onwards also support the group14-sha1 key exchange algorithm. Debian Wheezy is shipping 0.5.4, so that would be covered. Unless you need even older clients to connect to the server (for instance Ubuntu Precise), I suggest removing "diffie-hellman-group1-sha1" from the KexAlgorithms key again, because "diffie-hellman-group14-sha1" - which is also in the list - should be enough to let X2Go Client (via libssh) connect to the server.
Try setting KexAlgorithms to (I'll only post the value here, hope you can deduce the full line in sshd_config from my previous explanation -- and make sure that it's one line only, i.e., just copy-pasting from my mail may split it onto several lines):
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Restart sshd and see if X2Go Client can connect.
If it does not, try this:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
Restart sshd, X2Go Client connect.
If it still does not, you'll need to use the original value, i.e.:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Mihai
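An added example, not part of the original thread or any poster's code: a small Python check for the two mistakes discussed above, a KexAlgorithms keyword separated from its value by a line break and "diffie-hellman-group1-sha1" left in the list. The sample configs, the function name lint_sshd_config and the keyword heuristic are assumptions made for illustration; running `sshd -t` remains the authoritative syntax test before a restart.

```python
import re

# Constructed sample: the broken layout from the thread (keyword and value on
# separate lines), followed by a single-line form without group1-sha1.
BROKEN = """\
Port 22
KexAlgorithms
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
"""
FIXED = """\
Port 22
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
"""

LEGACY_KEX = {"diffie-hellman-group1-sha1"}  # the entry the thread advises dropping


def lint_sshd_config(text):
    """Return a list of (line_number, message) findings for one config text."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        # Split keyword from arguments on whitespace ("=" is tolerated here too).
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", keyword):
            # Heuristic (assumption): keywords are alphanumeric, so a token
            # with "," "@" or "-" is a value wrapped from the line above.
            findings.append((num, "not a keyword; value wrapped from previous line?"))
        elif not value:
            findings.append((num, f"{keyword} has no value on its own line"))
        elif keyword.lower() == "kexalgorithms":
            for alg in value.split(","):
                if alg.strip() in LEGACY_KEX:
                    findings.append((num, f"legacy key exchange enabled: {alg.strip()}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for num, msg in lint_sshd_config(cfg) or [(0, "no findings")]:
            print(f"{name}:{num}: {msg}")
```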
Mihai Moldovan wrote on 29.01.2016 at 18:38:
Note that libssh versions from 0.5.3 onwards also support the group14-sha1 key exchange algorithm. Debian Wheezy is shipping 0.5.4, so that would be covered. Unless you need even older clients to connect to the server (for instance Ubuntu Precise), I suggest removing "diffie-hellman-group1-sha1" from the KexAlgorithms key again, because "diffie-hellman-group14-sha1" - which is also in the list - should be enough to let X2Go Client (via libssh) connect to the server.
I can confirm that "diffie-hellman-group1-sha1" is not necessary with older x2go clients and "diffie-hellman-group14-sha1" is enough. Thanks for the hint!
Regards Klaus