X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: sourceware.org To: cygwin AT cygwin DOT com From: Michael Makuch Subject: Openssh compatibility problem? Date: Tue, 30 Dec 2008 19:30:52 -0600 Lines: 147 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Thunderbird 2.0.0.18 (Windows/20081105) X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Recently installed latest cygwin and can't ssh to it from older openssh rev. Is there a known compatibility problem? 3 systems: plum, oak, pecan I can ssh from pecan to oak. I cannot ssh from pecan to plum, it appears to timeout. Versions of the 3 systems: plum $ uname -a CYGWIN_NT-5.1 plum 1.5.25(0.156/4/2) 2008-06-12 19:34 i686 Cygwin plum $ ssh -V OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 oak $ uname -a Linux oak 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64 x86_64 GNU/Linux oak $ cat /etc/fedora-release Fedora release 10 (Cambridge) oak $ ssh -V OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 pecan $ uname -a Linux pecan 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 i686 i386 GNU/Linux pecan $ cat /etc/fedora-release Fedora release 7 (Moonshine) pecan $ ssh -V OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006 Sessions: ssh from pecan to plum appears to timeout: pecan $ ssh -vvvv plum OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006 debug1: Reading configuration data /home2/mkm/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to plum [192.168.2.21] port 22. debug1: Connection established. debug1: identity file /home2/mkm/.ssh/identity type -1 debug3: Not a RSA1 key file /home2/mkm/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace [snip more of same] debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home2/mkm/.ssh/id_rsa type 1 debug1: identity file /home2/mkm/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host ssh from pecan to oak works a.o.k: pecan $ ssh -vvvvv oak OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006 debug1: Reading configuration data /home2/mkm/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to oak [192.168.2.15] port 22. debug1: Connection established. debug1: identity file /home2/mkm/.ssh/identity type -1 debug3: Not a RSA1 key file /home2/mkm/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace [snip more of same] debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home2/mkm/.ssh/id_rsa type 1 debug1: identity file /home2/mkm/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.5 [snip lots more lines then successful login] ssh from oak to plum works a.o.k: oak $ ssh -vvv mark AT plum OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to plum [192.168.2.21] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1 [snip succeeds] config files: plum $ grep -v "^#" /etc/sshd_config|grep -i "[a-z]" Port 22 Protocol 2,1 StrictModes no PasswordAuthentication yes ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE UsePrivilegeSeparation yes Subsystem sftp /usr/sbin/sftp-server oak $ grep -v "^#" /etc/ssh/sshd_config|grep -i "[a-z]" Protocol 2 SyslogFacility AUTHPRIV PasswordAuthentication yes ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE X11Forwarding yes Subsystem sftp /usr/libexec/openssh/sftp-server pecan $ grep -v "^#" /etc/ssh/ssh_config |grep -i "[a-z]" Host * Protocol 2,1 Host * GSSAPIAuthentication yes ForwardX11Trusted yes SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL I prefer to not upgrade the version of openssh on pecan just now if I can avoid it. I'd appreciate any clues. Thanks. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/