Mail Archives: cygwin/2012/02/01/18:12:31

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2012/02/01/18:12:31

X-Recipient: archive-cygwin AT delorie DOT com

X-SWARE-Spam-Status: No, hits=-1.8 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,WEIRD_QUOTING

X-Spam-Check-By: sourceware.org

From: Guy Harrison <swampdog AT ntlworld DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: IBM ssh gateway

Date: Wed, 1 Feb 2012 23:11:28 +0000

User-Agent: KMail/1.9.9

References: <201202011046 DOT 40681 DOT swampdog AT ntlworld DOT com> <201202011442 DOT 50193 DOT swampdog AT ntlworld DOT com> <4F297EA3 DOT 20008 AT cygwin DOT com>

In-Reply-To: <4F297EA3.20008@cygwin.com>

MIME-Version: 1.0

Message-Id: <201202012311.29012.swampdog@ntlworld.com>

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

On Wednesday 01 February 2012 18:04:19 Larry Hall (Cygwin) wrote:
> On 2/1/2012 9:42 AM, Guy Harrison wrote:
> > Hi Ryan,
> >
> > On Wednesday 01 February 2012 13:43:32 Ryan Johnson wrote:
> >> On 01/02/2012 5:46 AM, Guy Harrison wrote:
> >>> Hi Folks,
> >>>
> >>> Can anyone help interpret this? I am fairly certain the problem lies
> >>> with IBM but I am no crypto expert. Is (for instance) the server
> >>> rejecting the connection because (say) it does not understand ECDSA?
> >>> Unfortunately I do not have an older instance of cygwin ssh to try
> >>> that theory out. The failure is recent. I upgraded my cygwin
> >>> instances over xmas.
> >>>
> >>> My primary concern is that the latter (linux) connection (after ~~~)
> >>> may fail after a future upgrade.
> >>
> >> I would definitely check with your local network security folks. When
> >> I was last at IBM I had trouble connecting from a certain machine --
> >> just that one -- and nobody could figure out why. Finally, it turned
> >> out that I had a lot of locales installed and the long list of
> >> supported languages announced by my ssh client triggered some firewall
> >> rule.
> >
> > Unfortunately I forgot to mention the problem occurs both from my home
> > network and via my work network (which I could easily have believed was
> > at fault - they've messed with it a lot recently). The ~~~ linux box
> > above connects via my home network but I have an aix box at work that
> > also connects successfully whereas work cygwin (that's on XP) fails in
> > the same fashion as my original post.
>
> So you're defining a successful connection as one where any key file is
> ignored/invalidated and you're left to login with your password?

Yes. Only password authentification is allowed on that IP address. Once 
connected, it is possible to connect to virtual machines we have set up via 
our company account. Ordinarily our usual scenario is to connect to the 
gateway with a username plus forward some local ports..

	<example>
$ ssh \
        -L "$RHE55_SSH"":""$RHE55":22 \
        -L "$RHE55_VNC"":""$RHE55":5900 \
        -L "$RHE55_SQL"":""$RHE55":3306 \
 \
        "$SSH_USER"@"$SSH_GATE"
	</example>

..which will facilitate subsequent key authentification via the local port..

	<example>
$ ssh -p $RHE55_SSH -YC \
	-o UserKnownHostsFile=/dev/null \
	-o StrictHostKeyChecking=no \
	$SSH_USER AT localhost "$@"
	</example>

..unfortunately I can't post the value for SSH_USER but as previously posted 
SSH_GATE is "198.81.193.104". Is it possible for others to try..
$ ssh -vv 198.81.193.104
..as that's enough to trigger the fault.

> That's 
> what you're showing with the Linux machine.  If that's the benchmark,
> have you tried eliminating your keys on your Cygwin machine to see if you
> get to the same point as Linux?

Yes. Same fault occurs with no valid keys. :-|

TIA
Guy

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-1.8 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,WEIRD_QUOTING
X-Spam-Check-By:	sourceware.org
From:	Guy Harrison <swampdog AT ntlworld DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: IBM ssh gateway
Date:	Wed, 1 Feb 2012 23:11:28 +0000
User-Agent:	KMail/1.9.9
References:	<201202011046 DOT 40681 DOT swampdog AT ntlworld DOT com> <201202011442 DOT 50193 DOT swampdog AT ntlworld DOT com> <4F297EA3 DOT 20008 AT cygwin DOT com>
In-Reply-To:	<4F297EA3.20008@cygwin.com>
MIME-Version:	1.0
Message-Id:	<201202012311.29012.swampdog@ntlworld.com>
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com