Mail Archives: cygwin/2020/09/15/15:37:27

X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 147633861026
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none)
header.from=SystematicSw.ab.ca
Authentication-Results: sourceware.org;
spf=none smtp.mailfrom=brian DOT inglis AT systematicsw DOT ab DOT ca
Subject: Re: OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
To: cygwin AT cygwin DOT com
References: <DM6PR08MB490730F0353698D6F9C6CF17EE200 AT DM6PR08MB4907 DOT namprd08 DOT prod DOT outlook DOT com>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Organization: Systematic Software
Message-ID: <bb400d09-6711-b529-a76b-3002ae7fbf32@SystematicSw.ab.ca>
Date: Tue, 15 Sep 2020 13:36:35 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <DM6PR08MB490730F0353698D6F9C6CF17EE200@DM6PR08MB4907.namprd08.prod.outlook.com>
X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, NICE_REPLY_A, RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE,
TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To: cygwin AT cygwin DOT com
Errors-To: cygwin-bounces AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 08FJb892027909

On 2020-09-15 11:00, Everett, Tom (Nokia - US/Westford) via Cygwin wrote:
> I have tried to add kex to config files but I am still unable to get this to work. It was working at one point but I did not back it up or write instructions because I thought I would never have to touch it again, until I did 😊
> 
> Need help establishing the recipe again. Any help would be appreciated.
> 
> 
> $ cygcheck -c Cygwin
> Cygwin Package Information
> Package              Version        Status
> cygwin               3.1.7-1        OK
> 
> 
> SSH Results:
> 
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> …
> …
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
> 
> $ ssh -Q kex
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group14-sha256
> diffie-hellman-group16-sha512
> diffie-hellman-group18-sha512
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
> curve25519-sha256
> curve25519-sha256@libssh.org
> sntrup4591761x25519-sha512@tinyssh.org
> 
> $ ssh admin@10.0.3.6
> Connection reset by 10.0.3.6 port 22
> 
> Complete listing:
> $ ssh -vv -oHostKeyAlgorithms=+ssh-dss -oStrictHostKeyChecking=no admin@10.0.3.6
> OpenSSH_8.3p1, OpenSSL 1.1.1f  31 Mar 2020
> debug2: resolve_canonicalize: hostname 10.0.3.6 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 10.0.3.6 [10.0.3.6] port 22.
> debug1: Connection established.
> debug1: identity file /home/tester/.ssh/id_rsa type -1
> debug1: identity file /home/tester/.ssh/id_rsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_dsa type -1
> debug1: identity file /home/tester/.ssh/id_dsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk type -1
> debug1: identity file /home/tester/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519 type -1
> debug1: identity file /home/tester/.ssh/id_ed25519-cert type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk type -1
> debug1: identity file /home/tester/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /home/tester/.ssh/id_xmss type -1
> debug1: identity file /home/tester/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.3
> debug1: Remote protocol version 2.0, remote software version LiteSSH
> debug1: no match: LiteSSH
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.0.3.6:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
> debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
> debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com,zlib
> debug2: compression stoc: none,zlib@openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms: diffie-hellman-group14-sha1
> debug2: host key algorithms: ssh-rsa
> debug2: ciphers ctos: aes256-ctr
> debug2: ciphers stoc: aes256-ctr
> debug2: MACs ctos: hmac-sha1
> debug2: MACs stoc: hmac-sha1
> debug2: compression ctos: none
> debug2: compression stoc: none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: (no match)
> Unable to negotiate with 10.0.3.6 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1

Do these help?

	https://www.openssh.com/legacy.html

	https://www.ssh.com/ssh/sshd_config/

https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

Curl cygport check uses kex a lot in its tests so that might give you some help.
You could check it out online under

	https://github.com/curl/curl/tree/master/tests

download the package sources, or I could PM you selected generated or log files,
if you know what you want to see.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in IEC units and prefixes, physical quantities in SI.]
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
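
Added example, not part of the original message or of OpenSSH: a small Python script that reads the two KEXINIT proposals out of `ssh -vv` output like the log quoted above and reports which `ssh_config` option has to be extended for the client and server to share an algorithm. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: proposal lines from the quoted `ssh -vv` log, client lists shortened.
SAMPLE_LOG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-ctr
debug2: MACs ctos: hmac-sha1
"""

# Log field -> ssh_config option that extends the client's list for that field.
OPTION = {"KEX algorithms": "KexAlgorithms", "host key algorithms": "HostKeyAlgorithms",
          "ciphers ctos": "Ciphers", "MACs ctos": "MACs"}

def parse_proposals(log):
    """Return {'client': {field: [algs]}, 'server': {...}} from ssh -vv output."""
    sides, side = {"client": {}, "server": {}}, None
    for line in log.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted logs
        head = re.match(r"debug2: (?:local|peer) (client|server) KEXINIT proposal", line)
        field = re.match(r"debug2: ([^:]+): (\S*)$", line)
        if head:
            side = head.group(1)
        elif field and side and field.group(1) in OPTION:
            sides[side][field.group(1)] = field.group(2).split(",")
    return sides

def negotiate(client, server):
    """First name on the client's list that the server also offers (simplified RFC 4253 7.1)."""
    return next((alg for alg in client if alg in server), None)

def missing_options(log):
    """ssh_config lines needed so that every field has a common algorithm."""
    p = parse_proposals(log)
    fixes = []
    for field, option in OPTION.items():
        client, server = p["client"].get(field, []), p["server"].get(field, [])
        if server and negotiate(client, server) is None:
            fixes.append(f"{option} +{server[0]}")
    return fixes

if __name__ == "__main__":
    print("\n".join(missing_options(SAMPLE_LOG)))
```

Put the reported line under a `Host 10.0.3.6` block in `~/.ssh/config` so the SHA-1 key exchange is enabled for that one device rather than globally.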
