Mail Archives: cygwin/2012/02/01/23:39:36

Message-id: <4F2A1363.6020206@cygwin.com>
Date: Wed, 01 Feb 2012 23:38:59 -0500
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: IBM ssh gateway
References: <201202011046 DOT 40681 DOT swampdog AT ntlworld DOT com> <201202011442 DOT 50193 DOT swampdog AT ntlworld DOT com> <4F297EA3 DOT 20008 AT cygwin DOT com> <201202012311 DOT 29012 DOT swampdog AT ntlworld DOT com>
In-reply-to: <201202012311.29012.swampdog@ntlworld.com>

On 2/1/2012 6:11 PM, Guy Harrison wrote:
> On Wednesday 01 February 2012 18:04:19 Larry Hall (Cygwin) wrote:
>> On 2/1/2012 9:42 AM, Guy Harrison wrote:
>>> Hi Ryan,
>>>
>>> On Wednesday 01 February 2012 13:43:32 Ryan Johnson wrote:
>>>> On 01/02/2012 5:46 AM, Guy Harrison wrote:
>>>>> Hi Folks,
>>>>>
>>>>> Can anyone help interpret this? I am fairly certain the problem lies
>>>>> with IBM but I am no crypto expert. Is (for instance) the server
>>>>> rejecting the connection because (say) it does not understand ECDSA?
>>>>> Unfortunately I do not have an older instance of cygwin ssh to try
>>>>> that theory out. The failure is recent. I upgraded my cygwin
>>>>> instances over xmas.
>>>>>
>>>>> My primary concern is that the latter (linux) connection (after ~~~)
>>>>> may fail after a future upgrade.
>>>>
>>>> I would definitely check with your local network security folks. When
>>>> I was last at IBM I had trouble connecting from a certain machine --
>>>> just that one -- and nobody could figure out why. Finally, it turned
>>>> out that I had a lot of locales installed and the long list of
>>>> supported languages announced by my ssh client triggered some firewall
>>>> rule.
>>>
>>> Unfortunately I forgot to mention the problem occurs both from my home
>>> network and via my work network (which I could easily have believed was
>>> at fault - they've messed with it a lot recently). The ~~~ linux box
>>> above connects via my home network but I have an aix box at work that
>>> also connects successfully whereas work cygwin (that's on XP) fails in
>>> the same fashion as my original post.
>>
>> So you're defining a successful connection as one where any key file is
>> ignored/invalidated and you're left to login with your password?
>
> Yes. Only password authentication is allowed on that IP address. Once
> connected, it is possible to connect to virtual machines we have set up via
> our company account. Ordinarily our usual scenario is to connect to the
> gateway with a username plus forward some local ports..
>
> 	<example>
> $ ssh \
>          -L "$RHE55_SSH"":""$RHE55":22 \
>          -L "$RHE55_VNC"":""$RHE55":5900 \
>          -L "$RHE55_SQL"":""$RHE55":3306 \
>   \
>          "$SSH_USER"@"$SSH_GATE"
> 	</example>
>
> ..which will facilitate subsequent key authentication via the local port..
>
> 	<example>
> $ ssh -p $RHE55_SSH -YC \
> 	-o UserKnownHostsFile=/dev/null \
> 	-o StrictHostKeyChecking=no \
> 	$SSH_USER@localhost "$@"
> 	</example>
>
> ..unfortunately I can't post the value for SSH_USER but as previously posted
> SSH_GATE is "198.81.193.104". Is it possible for others to try..
> $ ssh -vv 198.81.193.104
> ..as that's enough to trigger the fault.

Indeed.  I do see that even if I limit authentication methods to password.
And it does go through OK if I use a web client (serfish).

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?
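
As an added illustration that is not part of the thread: the second hop quoted above connects to `localhost` with `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the target's host key is never verified. OpenSSH's `HostKeyAlias` option lets each forwarded target keep its own known_hosts entry even though every connection goes to `localhost`, so verification can stay on. The function names, `SSH_BIN`, `TUNNEL_KNOWN_HOSTS` and the known_hosts path below are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, SSH_BIN,
# TUNNEL_KNOWN_HOSTS and the known_hosts path are hypothetical; the -o
# options are standard OpenSSH client options.

# Stable name under which the target's host key is stored. Without it ssh
# files the key under "[localhost]:PORT", which stops matching as soon as
# the same local port is forwarded to a different machine.
forward_alias() {
    printf 'tunnel.%s' "$1"
}

# forward_ssh TARGET LOCAL_PORT USER [remote command...]
# Connects to localhost:LOCAL_PORT (the -L forward from the first hop) but
# verifies the host key recorded for TARGET.
forward_ssh() {
    [ "$#" -ge 3 ] || {
        echo "usage: forward_ssh TARGET PORT USER [cmd...]" >&2
        return 2
    }
    target=$1 port=$2 user=$3
    shift 3
    # Reject empty, non-numeric or overlong port values before using them.
    case $port in
        ''|*[!0-9]*|??????*)
            echo "forward_ssh: bad port '$port'" >&2
            return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "forward_ssh: port out of range: $port" >&2
        return 2
    fi
    # SSH_BIN exists only so the command line can be inspected in a dry run.
    "${SSH_BIN:-ssh}" -p "$port" \
        -o "HostKeyAlias=$(forward_alias "$target")" \
        -o "UserKnownHostsFile=${TUNNEL_KNOWN_HOSTS:-$HOME/.ssh/known_hosts_tunnels}" \
        -o "StrictHostKeyChecking=yes" \
        "$user@localhost" "$@"
}
```

With `StrictHostKeyChecking=yes` the target's key has to be present in that file already, stored under the alias name, after its fingerprint has been confirmed out of band.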

