Quantcast

Some struggle with SSH2DOS (solved)

classic Classic list List threaded Threaded
32 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Some struggle with SSH2DOS (solved)

Ulrich Hansen-2
Hi all,

Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is great!

Unfortunately even this free SSH client is getting a bit rusty, the latest version is 11 years old.

As I found out, it wouldn’t connect to my server (Ubuntu 16.04 LTS).
But it still connected fine to a Debian Wheezy machine.

In the end I found the problem: OpenSSH versions >=6.7 have disabled a necessary KexAlgorithm and a Cipher.

Here is a report. I also posted it on the SSH2DOS page on SourceForge.

Hope this helps others eventually...
Ulrich



1. The solution:

Add the following lines to /etc/ssh/sshd_config on the server:

Ciphers aes128-cbc
KexAlgorithms diffie-hellman-group-exchange-sha1


2. The problem:

SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.

But it does not connect to a Debian 8 machine with OpenSSH 6.7.
It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.

SSH2DOS gives the following error code:

C:\> ssh2d386 username 192.168.1.136
SSH2DOS v0.2.1. 386+ version
Remote host closed connection
DH key exchange failed
Socket write error. File: transprt.c, line:698
Remote reset connection

On the server /var/log/auth.log says:
Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key exchange method [preauth]

SSH2D386 with the -d option writes the following DEBUG.PKT:


-------------------

RECEIVED packet:
14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
00
.c.{i......i.2.&
.....curve25519-
[hidden email]
g,ecdh-sha2-nist
p256,ecdh-sha2-n
istp384,ecdh-sha
2-nistp521,diffi
e-hellman-group-
exchange-sha256,
diffie-hellman-g
roup14-sha1...As
sh-rsa,rsa-sha2-
512,rsa-sha2-256
,ecdsa-sha2-nist
p256,ssh-ed25519
...lchacha20-pol
[hidden email]
m,aes128-ctr,aes
192-ctr,aes256-c
tr,aes128-gcm@op
enssh.com,aes256
-[hidden email]
...lchacha20-pol
[hidden email]
m,aes128-ctr,aes
192-ctr,aes256-c
tr,aes128-gcm@op
enssh.com,aes256
-[hidden email]
....umac-64-etm@
openssh.com,umac
-128-etm@openssh
.com,hmac-sha2-2
[hidden email]
om,hmac-sha2-512
-[hidden email]
,hmac-sha1-etm@o
penssh.com,umac-
[hidden email],u
mac-128@openssh.
com,hmac-sha2-25
6,hmac-sha2-512,
hmac-sha1....uma
c-64-etm@openssh
.com,umac-128-et
[hidden email],hm
ac-sha2-256-etm@
openssh.com,hmac
-sha2-512-etm@op
enssh.com,hmac-s
ha1-etm@openssh.
com,umac-64@open
ssh.com,umac-128
@openssh.com,hma
c-sha2-256,hmac-
sha2-512,hmac-sh
a1....none,zlib@
openssh.com....n
one,zlib@openssh
.com............
.

SENT packet:
14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
..s....H..at.A..
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..hmac-sha1....h
mac-sha1....none
,zlib....none,zl
ib.............

SENT packet:
1E 00 00 04 00
.....

SENT packet:
62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
00 18 00 00 00 00 00 00 00 00 00 00 00 00
b........pty-req
.....xterm...P..
..............
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Ulrich Hansen-2
Update:

The solution I found last night seems to work only for older OpenSSH servers.

For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:

HostKeyAlgorithms ssh-dss

to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by default since OpenSSH 6.9.

But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.

Perhaps someone has an idea?

At the moment SSH2DOS can only be used to connect to older servers, running f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).

So soon there will be no functioning SSH client anymore for FreeDOS. :-(

Here are the messages:

SSH2DOS error message is:

C:\> ssh2d386 username 192.168.1.131
SSH2DOS v0.2.1. 386+ version
Expected KEX_DH_GEX_GROUP
DH key exchange failed
Remote host closed connection
Socket write error. File: transprt.c, line:698
Connection closed by peer

On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log says:

Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type 30 seq 1 [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from 192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from 192.168.1.110 port 564 [preauth]


C:\> ssh2d386 -d username 192.168.1.131

wrote the following output in C:\SSH2DOS\DEBUG.PKT:

-------------------

RECEIVED packet:
14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB
B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31
32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36
2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65
74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65
6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34
40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61
63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C
68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D
61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D
36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E
73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61
31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73
68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F
70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68
61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31
00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E
65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
..m.H...*....1..
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..umac-64-etm@op
enssh.com,umac-1
[hidden email]
om,hmac-sha2-256
-[hidden email]
,hmac-sha2-512-e
[hidden email],h
mac-sha1-etm@ope
nssh.com,umac-64
@openssh.com,uma
[hidden email]
m,hmac-sha2-256,
hmac-sha2-512,hm
ac-sha1....umac-
[hidden email]
om,umac-128-etm@
openssh.com,hmac
-sha2-256-etm@op
enssh.com,hmac-s
ha2-512-etm@open
ssh.com,hmac-sha
[hidden email]
m,umac-64@openss
h.com,umac-128@o
penssh.com,hmac-
sha2-256,hmac-sh
a2-512,hmac-sha1
....none,zlib@op
enssh.com....non
e,[hidden email]
om.............

SENT packet:
14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D
CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
.%.......^;|....
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..hmac-sha1....h
mac-sha1....none
,zlib....none,zl
ib.............

SENT packet:
1E 00 00 04 00
.....

RECEIVED packet:
03 00 00 00 01
.....

SENT packet:
03 00 00 00 02
.....

SENT packet:
01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65
64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F
55 50 00 00 00 00
.........Expecte
d KEX_DH_GEX_GRO
UP....

SENT packet:
62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
00 18 00 00 00 00 00 00 00 00 00 00 00 00
b........pty-req
.....xterm...P..
..............

SENT packet:
62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01
b........shell.






> Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <[hidden email]>:
>
> Hi all,
>
> Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is great!
>
> Unfortunately even this free SSH client is getting a bit rusty, the latest version is 11 years old.
>
> As I found out, it wouldn’t connect to my server (Ubuntu 16.04 LTS).
> But it still connected fine to a Debian Wheezy machine.
>
> In the end I found the problem: OpenSSH versions >=6.7 have disabled a necessary KexAlgorithm and a Cipher.
>
> Here is a report. I also posted it on the SSH2DOS page on SourceForge.
>
> Hope this helps others eventually...
> Ulrich
>
>
>
> 1. The solution:
>
> Add the following lines to /etc/ssh/sshd_config on the server:
>
> Ciphers aes128-cbc
> KexAlgorithms diffie-hellman-group-exchange-sha1
>
>
> 2. The problem:
>
> SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
>
> But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
>
> SSH2DOS gives the following error code:
>
> C:\> ssh2d386 username 192.168.1.136
> SSH2DOS v0.2.1. 386+ version
> Remote host closed connection
> DH key exchange failed
> Socket write error. File: transprt.c, line:698
> Remote reset connection
>
> On the server /var/log/auth.log says:
> Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key exchange method [preauth]
>
> SSH2D386 with the -d option writes the following DEBUG.PKT:
>
>
> -------------------
>
> RECEIVED packet:
> 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
> E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
> 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
> 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
> 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
> 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
> 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
> 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
> 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
> 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
> 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
> 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
> 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
> 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
> 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
> 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
> 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
> 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
> 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
> 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
> 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
> 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
> 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
> 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
> 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
> 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
> 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> .c.{i......i.2.&
> .....curve25519-
> [hidden email]
> g,ecdh-sha2-nist
> p256,ecdh-sha2-n
> istp384,ecdh-sha
> 2-nistp521,diffi
> e-hellman-group-
> exchange-sha256,
> diffie-hellman-g
> roup14-sha1...As
> sh-rsa,rsa-sha2-
> 512,rsa-sha2-256
> ,ecdsa-sha2-nist
> p256,ssh-ed25519
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ....umac-64-etm@
> openssh.com,umac
> -128-etm@openssh
> .com,hmac-sha2-2
> [hidden email]
> om,hmac-sha2-512
> -[hidden email]
> ,hmac-sha1-etm@o
> penssh.com,umac-
> [hidden email],u
> mac-128@openssh.
> com,hmac-sha2-25
> 6,hmac-sha2-512,
> hmac-sha1....uma
> c-64-etm@openssh
> .com,umac-128-et
> [hidden email],hm
> ac-sha2-256-etm@
> openssh.com,hmac
> -sha2-512-etm@op
> enssh.com,hmac-s
> ha1-etm@openssh.
> com,umac-64@open
> ssh.com,umac-128
> @openssh.com,hma
> c-sha2-256,hmac-
> sha2-512,hmac-sh
> a1....none,zlib@
> openssh.com....n
> one,zlib@openssh
> .com............
> .
>
> SENT packet:
> 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
> FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..s....H..at.A..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
>
> SENT packet:
> 1E 00 00 04 00
> .....
>
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> b........pty-req
> .....xterm...P..
> ..............
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
From: Ulrich Hansen <[hidden email]>


Update:

The solution I found last night seems to work only for older OpenSSH servers.

For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:

HostKeyAlgorithms ssh-dss

to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by
default since OpenSSH 6.9.

But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.

Perhaps someone has an idea?

At the moment SSH2DOS can only be used to connect to older servers, running
f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).

So soon there will be no functioning SSH client anymore for FreeDOS. :-(

Here are the messages:

SSH2DOS error message is:

C:\> ssh2d386 username 192.168.1.131
SSH2DOS v0.2.1. 386+ version
Expected KEX_DH_GEX_GROUP
DH key exchange failed
Remote host closed connection
Socket write error. File: transprt.c, line:698
Connection closed by peer

On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log says:

Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type
30 seq 1 [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from
192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from 192.168.1.110
port 564 [preauth]


C:\> ssh2d386 -d username 192.168.1.131

wrote the following output in C:\SSH2DOS\DEBUG.PKT:

-------------------

RECEIVED packet:
14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB
B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31
32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36
2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65
74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65
6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34
40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61
63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C
68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D
61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D
36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E
73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61
31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73
68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F
70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68
61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31
00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E
65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
...m.H...*....1..
....."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
.....aes128-cbc..
...umac-64-etm@op
enssh.com,umac-1
[hidden email]
om,hmac-sha2-256
-[hidden email]
,hmac-sha2-512-e
[hidden email],h
mac-sha1-etm@ope
nssh.com,umac-64
@openssh.com,uma
[hidden email]
m,hmac-sha2-256,
hmac-sha2-512,hm
ac-sha1....umac-
[hidden email]
om,umac-128-etm@
openssh.com,hmac
-sha2-256-etm@op
enssh.com,hmac-s
ha2-512-etm@open
ssh.com,hmac-sha
[hidden email]
m,umac-64@openss
h.com,umac-128@o
penssh.com,hmac-
sha2-256,hmac-sh
a2-512,hmac-sha1
.....none,zlib@op
enssh.com....non
e,[hidden email]
om.............

SENT packet:
14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D
CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
..%.......^;|....
....."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
.....aes128-cbc..
...hmac-sha1....h
mac-sha1....none
,zlib....none,zl
ib.............

SENT packet:
1E 00 00 04 00
......

RECEIVED packet:
03 00 00 00 01
......

SENT packet:
03 00 00 00 02
......

SENT packet:
01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65
64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F
55 50 00 00 00 00
..........Expecte
d KEX_DH_GEX_GRO
UP....

SENT packet:
62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
00 18 00 00 00 00 00 00 00 00 00 00 00 00
b........pty-req
......xterm...P..
...............

SENT packet:
62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01
b........shell.






> Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <[hidden email]>:
>
> Hi all,
>
> Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is
great!
>
> Unfortunately even this free SSH client is getting a bit rusty, the latest
version is 11 years old.
>
> As I found out, it wouldnrCOt connect to my server (Ubuntu 16.04 LTS).
> But it still connected fine to a Debian Wheezy machine.
>
> In the end I found the problem: OpenSSH versions >=6.7 have disabled a
necessary KexAlgorithm and a Cipher.

>
> Here is a report. I also posted it on the SSH2DOS page on SourceForge.
>
> Hope this helps others eventually...
> Ulrich
>
>
>
> 1. The solution:
>
> Add the following lines to /etc/ssh/sshd_config on the server:
>
> Ciphers aes128-cbc
> KexAlgorithms diffie-hellman-group-exchange-sha1
>
>
> 2. The problem:
>
> SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
>
> But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
>
> SSH2DOS gives the following error code:
>
> C:\> ssh2d386 username 192.168.1.136
> SSH2DOS v0.2.1. 386+ version
> Remote host closed connection
> DH key exchange failed
> Socket write error. File: transprt.c, line:698
> Remote reset connection
>
> On the server /var/log/auth.log says:
> Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key
exchange method [preauth]

>
> SSH2D386 with the -d option writes the following DEBUG.PKT:
>
>
> -------------------
>
> RECEIVED packet:
> 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
> E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
> 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
> 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
> 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
> 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
> 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
> 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
> 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
> 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
> 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
> 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
> 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
> 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
> 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
> 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
> 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
> 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
> 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
> 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
> 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
> 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
> 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
> 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
> 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
> 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
> 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> .c.{i......i.2.&
> .....curve25519-
> [hidden email]
> g,ecdh-sha2-nist
> p256,ecdh-sha2-n
> istp384,ecdh-sha
> 2-nistp521,diffi
> e-hellman-group-
> exchange-sha256,
> diffie-hellman-g
> roup14-sha1...As
> sh-rsa,rsa-sha2-
> 512,rsa-sha2-256
> ,ecdsa-sha2-nist
> p256,ssh-ed25519
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ....umac-64-etm@
> openssh.com,umac
> -128-etm@openssh
> .com,hmac-sha2-2
> [hidden email]
> om,hmac-sha2-512
> -[hidden email]
> ,hmac-sha1-etm@o
> penssh.com,umac-
> [hidden email],u
> mac-128@openssh.
> com,hmac-sha2-25
> 6,hmac-sha2-512,
> hmac-sha1....uma
> c-64-etm@openssh
> .com,umac-128-et
> [hidden email],hm
> ac-sha2-256-etm@
> openssh.com,hmac
> -sha2-512-etm@op
> enssh.com,hmac-s
> ha1-etm@openssh.
> com,umac-64@open
> ssh.com,umac-128
> @openssh.com,hma
> c-sha2-256,hmac-
> sha2-512,hmac-sh
> a1....none,zlib@
> openssh.com....n
> one,zlib@openssh
> .com............
> .
>
> SENT packet:
> 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
> FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..s....H..at.A..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
>
> SENT packet:
> 1E 00 00 04 00
> .....
>
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> b........pty-req
> .....xterm...P..
> ..............
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Dan Schmidt <[hidden email]>

--===============8947666473291029551==
Content-Type: multipart/alternative; boundary=001a11c00ea612aad70546e511ab

--001a11c00ea612aad70546e511ab
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

They deprecated that cipher - you can make it work, but it is vulnerable.
Also, ssh2dos is very unstable in my experience.  I wish somebody would
write a decent ssh for dos.

On Mon, Jan 23, 2017 at 1:21 AM, Ulrich Hansen <[hidden email]> wrote:

> Update:
>
> The solution I found last night seems to work only for older OpenSSH
> servers.
>
> For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:
>
> HostKeyAlgorithms ssh-dss
>
> to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by
> default since OpenSSH 6.9.
>
> But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.
>
> Perhaps someone has an idea?
>
> At the moment SSH2DOS can only be used to connect to older servers,
> running f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).
>
> So soon there will be no functioning SSH client anymore for FreeDOS. :-(
>
> Here are the messages:
>
> SSH2DOS error message is:
>
> C:\> ssh2d386 username 192.168.1.131
> SSH2DOS v0.2.1. 386+ version
> Expected KEX_DH_GEX_GROUP
> DH key exchange failed
> Remote host closed connection
> Socket write error. File: transprt.c, line:698
> Connection closed by peer
>
> On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log
> says:
>
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error:
> type 30 seq 1 [preauth]
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect
> from 192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
> Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from
> 192.168.1.110 port 564 [preauth]
>
>
> C:\> ssh2d386 -d username 192.168.1.131
>
> wrote the following output in C:\SSH2DOS\DEBUG.PKT:
>
> -------------------
>
> RECEIVED packet:
> 14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB
> B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31
> 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65
> 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
> 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65
> 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61
> 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C
> 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D
> 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D
> 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E
> 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61
> 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73
> 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
> 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68
> 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31
> 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E
> 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..m.H...*....1..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..umac-64-etm@op
> enssh.com,umac-1
> [hidden email]
> om,hmac-sha2-256
> -[hidden email]
> ,hmac-sha2-512-e
> [hidden email],h
> mac-sha1-etm@ope
> nssh.com,umac-64
> @openssh.com,uma
> [hidden email]
> m,hmac-sha2-256,
> hmac-sha2-512,hm
> ac-sha1....umac-
> [hidden email]
> om,umac-128-etm@
> openssh.com,hmac
> -sha2-256-etm@op
> enssh.com,hmac-s
> ha2-512-etm@open
> ssh.com,hmac-sha
> [hidden email]
> m,umac-64@openss
> h.com,umac-128@o
> penssh.com,hmac-
> sha2-256,hmac-sh
> a2-512,hmac-sha1
> ....none,zlib@op
> enssh.com....non
> e,[hidden email]
> om.............
>
> SENT packet:
> 14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D
> CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> .%.......^;|....
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
>
> SENT packet:
> 1E 00 00 04 00
> .....
>
> RECEIVED packet:
> 03 00 00 00 01
> .....
>
> SENT packet:
> 03 00 00 00 02
> .....
>
> SENT packet:
> 01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65
> 64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F
> 55 50 00 00 00 00
> .........Expecte
> d KEX_DH_GEX_GRO
> UP....
>
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> b........pty-req
> .....xterm...P..
> ..............
>
> SENT packet:
> 62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01
> b........shell.
>
>
>
>
>
>
> > Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <[hidden email]>:
> >
> > Hi all,
> >
> > Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is
> great!
> >
> > Unfortunately even this free SSH client is getting a bit rusty, the
> latest version is 11 years old.
> >
> > As I found out, it wouldnrCOt connect to my server (Ubuntu 16.04 LTS).
> > But it still connected fine to a Debian Wheezy machine.
> >
> > In the end I found the problem: OpenSSH versions >=6.7 have disabled a
> necessary KexAlgorithm and a Cipher.
> >
> > Here is a report. I also posted it on the SSH2DOS page on SourceForge.
> >
> > Hope this helps others eventually...
> > Ulrich
> >
> >
> >
> > 1. The solution:
> >
> > Add the following lines to /etc/ssh/sshd_config on the server:
> >
> > Ciphers aes128-cbc
> > KexAlgorithms diffie-hellman-group-exchange-sha1
> >
> >
> > 2. The problem:
> >
> > SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
> >
> > But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> > It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
> >
> > SSH2DOS gives the following error code:
> >
> > C:\> ssh2d386 username 192.168.1.136
> > SSH2DOS v0.2.1. 386+ version
> > Remote host closed connection
> > DH key exchange failed
> > Socket write error. File: transprt.c, line:698
> > Remote reset connection
> >
> > On the server /var/log/auth.log says:
> > Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key
> exchange method [preauth]
> >
> > SSH2D386 with the -d option writes the following DEBUG.PKT:
> >
> >
> > -------------------
> >
> > RECEIVED packet:
> > 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
> > E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
> > 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
> > 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
> > 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
> > 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
> > 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
> > 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
> > 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
> > 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
> > 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
> > 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
> > 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
> > 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
> > 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
> > 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> > 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> > 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> > 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> > 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> > 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> > 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> > 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> > 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> > 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> > 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
> > 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
> > 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> > 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
> > 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> > 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
> > 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
> > 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
> > 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
> > 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
> > 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
> > 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
> > 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
> > 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
> > 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> > 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
> > 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> > 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
> > 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
> > 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
> > 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
> > 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
> > 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
> > 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
> > 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
> > 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
> > 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
> > 00
> > .c.{i......i.2.&
> > .....curve25519-
> > [hidden email]
> > g,ecdh-sha2-nist
> > p256,ecdh-sha2-n
> > istp384,ecdh-sha
> > 2-nistp521,diffi
> > e-hellman-group-
> > exchange-sha256,
> > diffie-hellman-g
> > roup14-sha1...As
> > sh-rsa,rsa-sha2-
> > 512,rsa-sha2-256
> > ,ecdsa-sha2-nist
> > p256,ssh-ed25519
> > ...lchacha20-pol
> > [hidden email]
> > m,aes128-ctr,aes
> > 192-ctr,aes256-c
> > tr,aes128-gcm@op
> > enssh.com,aes256
> > -[hidden email]
> > ...lchacha20-pol
> > [hidden email]
> > m,aes128-ctr,aes
> > 192-ctr,aes256-c
> > tr,aes128-gcm@op
> > enssh.com,aes256
> > -[hidden email]
> > ....umac-64-etm@
> > openssh.com,umac
> > -128-etm@openssh
> > .com,hmac-sha2-2
> > [hidden email]
> > om,hmac-sha2-512
> > -[hidden email]
> > ,hmac-sha1-etm@o
> > penssh.com,umac-
> > [hidden email],u
> > mac-128@openssh.
> > com,hmac-sha2-25
> > 6,hmac-sha2-512,
> > hmac-sha1....uma
> > c-64-etm@openssh
> > .com,umac-128-et
> > [hidden email],hm
> > ac-sha2-256-etm@
> > openssh.com,hmac
> > -sha2-512-etm@op
> > enssh.com,hmac-s
> > ha1-etm@openssh.
> > com,umac-64@open
> > ssh.com,umac-128
> > @openssh.com,hma
> > c-sha2-256,hmac-
> > sha2-512,hmac-sh
> > a1....none,zlib@
> > openssh.com....n
> > one,zlib@openssh
> > .com............
> > .
> >
> > SENT packet:
> > 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
> > FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> > 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> > 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> > 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> > 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> > 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> > 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> > 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> > 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> > ..s....H..at.A..
> > ...."diffie-hell
> > man-group-exchan
> > ge-sha1....ssh-d
> > ss....aes128-cbc
> > ....aes128-cbc..
> > ..hmac-sha1....h
> > mac-sha1....none
> > ,zlib....none,zl
> > ib.............
> >
> > SENT packet:
> > 1E 00 00 04 00
> > .....
> >
> > SENT packet:
> > 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> > 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> > 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> > b........pty-req
> > .....xterm...P..
> > ..............
> > ------------------------------------------------------------
> ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Freedos-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>

--001a11c00ea612aad70546e511ab
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir="ltr">They deprecated that cipher - you can make it work, but it is
vulnerable.-a Also,-assh2dos is very unstable in my experience.-a I wish
somebody would write a decent ssh for dos. -a</div><div
class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 23, 2017 at 1:21
AM, Ulrich Hansen <span dir="ltr">&lt;<a href="mailto:[hidden email]"
target="_blank">[hidden email]</a>&gt;</span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Update:<br>
<br>
The solution I found last night seems to work only for older OpenSSH
servers.<br>
<br>
For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:<br>
<br>
HostKeyAlgorithms ssh-dss<br>
<br>
to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by
default since OpenSSH 6.9.<br>
<br>
But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.<br>
<br>
Perhaps someone has an idea?<br>
<br>
At the moment SSH2DOS can only be used to connect to older servers, running
f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).<br>
<br>
So soon there will be no functioning SSH client anymore for FreeDOS. :-(<br>
<br>
Here are the messages:<br>
<br>
SSH2DOS error message is:<br>
<br>
C:\&gt; ssh2d386 username 192.168.1.131<br>
SSH2DOS v0.2.1. 386+ version<br>
Expected KEX_DH_GEX_GROUP<br>
DH key exchange failed<br>
Remote host closed connection<br>
Socket write error. File: transprt.c, line:698<br>
Connection closed by peer<br>
<br>
On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log
says:<br>
<br>
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type
30 seq 1 [preauth]<br>
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from
192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]<br>

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Dan Schmidt
In reply to this post by Ulrich Hansen-2
They deprecated that cipher - you can make it work, but it is vulnerable.  Also, ssh2dos is very unstable in my experience.  I wish somebody would write a decent ssh for dos.  

On Mon, Jan 23, 2017 at 1:21 AM, Ulrich Hansen <[hidden email]> wrote:
Update:

The solution I found last night seems to work only for older OpenSSH servers.

For Ubuntu 16.04 LTS (with OpenSSH 7.2.) I also had to add:

HostKeyAlgorithms ssh-dss

to /etc/ssh/sshd_config because ssh-dss seems to have been deactivated by default since OpenSSH 6.9.

But in the end SSH2DOS was still not able to connect to OpenSSH 7.2.

Perhaps someone has an idea?

At the moment SSH2DOS can only be used to connect to older servers, running f.i. Debian Wheezy (OpenSSH 6.0) or Jessie (OpenSSH 6.7).

So soon there will be no functioning SSH client anymore for FreeDOS. :-(

Here are the messages:

SSH2DOS error message is:

C:\> ssh2d386 username 192.168.1.131
SSH2DOS v0.2.1. 386+ version
Expected KEX_DH_GEX_GROUP
DH key exchange failed
Remote host closed connection
Socket write error. File: transprt.c, line:698
Connection closed by peer

On the server, Ubuntu 16.04 LTS (with OpenSSH 7.2.), /var/log/auth.log says:

Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: kex protocol error: type 30 seq 1 [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: error: Received disconnect from 192.168.1.110 port 564:3: Expected KEX_DH_GEX_GROUP [preauth]
Jan 23 09:55:09 ubuntu-VirtualBox sshd[4661]: Disconnected from 192.168.1.110 port 564 [preauth]


C:\> ssh2d386 -d username 192.168.1.131

wrote the following output in C:\SSH2DOS\DEBUG.PKT:

-------------------

RECEIVED packet:
14 BE 6D 01 48 D3 E5 EB 2A C1 81 DE E7 31 AB DB
B2 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31
32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36
2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65
74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65
6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34
40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61
63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C
68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D
61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D
36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E
73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61
31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F
6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73
68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F
70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68
61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31
00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70
65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E
65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63
6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
..m.H...*....1..
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..umac-64-etm@op
enssh.com,umac-1
[hidden email]
om,hmac-sha2-256
-[hidden email]
,hmac-sha2-512-e
[hidden email],h
mac-sha1-etm@ope
nssh.com,umac-64
@openssh.com,uma
[hidden email]
m,hmac-sha2-256,
hmac-sha2-512,hm
ac-sha1....umac-
[hidden email]
om,umac-128-etm@
openssh.com,hmac
-sha2-256-etm@op
enssh.com,hmac-s
ha2-512-etm@open
ssh.com,hmac-sha
[hidden email]
m,umac-64@openss
h.com,umac-128@o
penssh.com,hmac-
sha2-256,hmac-sh
a2-512,hmac-sha1
....none,zlib@op
enssh.com....non
e,[hidden email]
om.............

SENT packet:
14 25 81 88 A7 CD 90 15 0E 5E 3B 7C B4 0B 1E 9D
CA 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
.%.......^;|....
...."diffie-hell
man-group-exchan
ge-sha1....ssh-d
ss....aes128-cbc
....aes128-cbc..
..hmac-sha1....h
mac-sha1....none
,zlib....none,zl
ib.............

SENT packet:
1E 00 00 04 00
.....

RECEIVED packet:
03 00 00 00 01
.....

SENT packet:
03 00 00 00 02
.....

SENT packet:
01 00 00 00 03 00 00 00 19 45 78 70 65 63 74 65
64 20 4B 45 58 5F 44 48 5F 47 45 58 5F 47 52 4F
55 50 00 00 00 00
.........Expecte
d KEX_DH_GEX_GRO
UP....

SENT packet:
62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
00 18 00 00 00 00 00 00 00 00 00 00 00 00
b........pty-req
.....xterm...P..
..............

SENT packet:
62 00 00 00 00 00 00 00 05 73 68 65 6C 6C 01
b........shell.






> Am 23.01.2017 um 01:22 schrieb Ulrich Hansen <[hidden email]>:
>
> Hi all,
>
> Thanks to Jerome, there is now SSH2DOS in the FreeDOS net repo, which is great!
>
> Unfortunately even this free SSH client is getting a bit rusty, the latest version is 11 years old.
>
> As I found out, it wouldn’t connect to my server (Ubuntu 16.04 LTS).
> But it still connected fine to a Debian Wheezy machine.
>
> In the end I found the problem: OpenSSH versions >=6.7 have disabled a necessary KexAlgorithm and a Cipher.
>
> Here is a report. I also posted it on the SSH2DOS page on SourceForge.
>
> Hope this helps others eventually...
> Ulrich
>
>
>
> 1. The solution:
>
> Add the following lines to /etc/ssh/sshd_config on the server:
>
> Ciphers aes128-cbc
> KexAlgorithms diffie-hellman-group-exchange-sha1
>
>
> 2. The problem:
>
> SSH2DOS works fine with a Debian Wheezy machine with OpenSSH 6.0.
>
> But it does not connect to a Debian 8 machine with OpenSSH 6.7.
> It also does not connect to a Ubuntu 16.04 server with OpenSSH 7.2.
>
> SSH2DOS gives the following error code:
>
> C:\> ssh2d386 username 192.168.1.136
> SSH2DOS v0.2.1. 386+ version
> Remote host closed connection
> DH key exchange failed
> Socket write error. File: transprt.c, line:698
> Remote reset connection
>
> On the server /var/log/auth.log says:
> Jan 23 00:17:25 debian8 sshd [1883]: fatal: Unable to negotiate a key exchange method [preauth]
>
> SSH2D386 with the -d option writes the following DEBUG.PKT:
>
>
> -------------------
>
> RECEIVED packet:
> 14 63 99 7B 69 DA 8E 90 00 02 0A 69 D1 32 93 26
> E1 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D
> 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72
> 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E
> 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61
> 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69
> 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D
> 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
> 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67
> 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 41 73
> 73 68 2D 72 73 61 2C 72 73 61 2D 73 68 61 32 2D
> 35 31 32 2C 72 73 61 2D 73 68 61 32 2D 32 35 36
> 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74
> 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 6C 63 68 61 63 68 61 32 30 2D 70 6F 6C
> 79 31 33 30 35 40 6F 70 65 6E 73 73 68 2E 63 6F
> 6D 2C 61 65 73 31 32 38 2D 63 74 72 2C 61 65 73
> 31 39 32 2D 63 74 72 2C 61 65 73 32 35 36 2D 63
> 74 72 2C 61 65 73 31 32 38 2D 67 63 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 61 65 73 32 35 36
> 2D 67 63 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63
> 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32
> 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63
> 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32
> 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D
> 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F
> 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D
> 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75
> 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35
> 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C
> 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61
> 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74
> 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D
> 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63
> 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70
> 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
> 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E
> 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E
> 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38
> 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61
> 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D
> 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68
> 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40
> 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E
> 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68
> 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> .c.{i......i.2.&
> .....curve25519-
> [hidden email]
> g,ecdh-sha2-nist
> p256,ecdh-sha2-n
> istp384,ecdh-sha
> 2-nistp521,diffi
> e-hellman-group-
> exchange-sha256,
> diffie-hellman-g
> roup14-sha1...As
> sh-rsa,rsa-sha2-
> 512,rsa-sha2-256
> ,ecdsa-sha2-nist
> p256,ssh-ed25519
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ...lchacha20-pol
> [hidden email]
> m,aes128-ctr,aes
> 192-ctr,aes256-c
> tr,aes128-gcm@op
> enssh.com,aes256
> -[hidden email]
> ....umac-64-etm@
> openssh.com,umac
> -128-etm@openssh
> .com,hmac-sha2-2
> [hidden email]
> om,hmac-sha2-512
> -[hidden email]
> ,hmac-sha1-etm@o
> penssh.com,umac-
> [hidden email],u
> mac-128@openssh.
> com,hmac-sha2-25
> 6,hmac-sha2-512,
> hmac-sha1....uma
> c-64-etm@openssh
> .com,umac-128-et
> [hidden email],hm
> ac-sha2-256-etm@
> openssh.com,hmac
> -sha2-512-etm@op
> enssh.com,hmac-s
> ha1-etm@openssh.
> com,umac-64@open
> ssh.com,umac-128
> @openssh.com,hma
> c-sha2-256,hmac-
> sha2-512,hmac-sh
> a1....none,zlib@
> openssh.com....n
> one,zlib@openssh
> .com............
> .
>
> SENT packet:
> 14 8D 73 ED D0 96 BE 48 9A 89 61 74 E7 41 14 CE
> FC 00 00 00 22 64 69 66 66 69 65 2D 68 65 6C 6C
> 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E
> 67 65 2D 73 68 61 31 00 00 00 07 73 73 68 2D 64
> 73 73 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63
> 00 00 00 0A 61 65 73 31 32 38 2D 63 62 63 00 00
> 00 09 68 6D 61 63 2D 73 68 61 31 00 00 00 09 68
> 6D 61 63 2D 73 68 61 31 00 00 00 09 6E 6F 6E 65
> 2C 7A 6C 69 62 00 00 00 09 6E 6F 6E 65 2C 7A 6C
> 69 62 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..s....H..at.A..
> ...."diffie-hell
> man-group-exchan
> ge-sha1....ssh-d
> ss....aes128-cbc
> ....aes128-cbc..
> ..hmac-sha1....h
> mac-sha1....none
> ,zlib....none,zl
> ib.............
>
> SENT packet:
> 1E 00 00 04 00
> .....
>
> SENT packet:
> 62 00 00 00 00 00 00 00 07 70 74 79 2D 72 65 71
> 01 00 00 00 05 78 74 65 72 6D 00 00 00 50 00 00
> 00 18 00 00 00 00 00 00 00 00 00 00 00 00
> b........pty-req
> .....xterm...P..
> ..............
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Bret
In reply to this post by Ulrich Hansen-2
> I wish somebody would write a decent ssh for dos.

Could that somebody be you?
____________________________________________________________
Another Scandal Hits TLC...Will The Network Survive This One
trend-chaser.com
http://thirdpartyoffers.juno.com/TGL3141/588a191272bac19125e24st01vuc

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen
Hi,
I am sorry if I missed this thread.
As I am presently writing this e-mail using ssh2d386 from the ssh2dos
package ssh2021b,  perhaps I can help you troubleshoot.
for the record, I am not using freedos, but  the ms dos 7.10 package
mentioned on this list.
Still every day several times a day I connect  to two different servers
using  this package.
may I ask again what your issue is presently?
Karen


On Thu, 26 Jan 2017, Bret Johnson wrote:

>> I wish somebody would write a decent ssh for dos.
>
> Could that somebody be you?
> ____________________________________________________________
> Another Scandal Hits TLC...Will The Network Survive This One
> trend-chaser.com
> http://thirdpartyoffers.juno.com/TGL3141/588a191272bac19125e24st01vuc
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Karen Lewellen <[hidden email]>

Hi,
I am sorry if I missed this thread.
As I am presently writing this e-mail using ssh2d386 from the ssh2dos
package ssh2021b,  perhaps I can help you troubleshoot.
for the record, I am not using freedos, but  the ms dos 7.10 package
mentioned on this list.
Still every day several times a day I connect  to two different servers
using  this package.
may I ask again what your issue is presently?
Karen


On Thu, 26 Jan 2017, Bret Johnson wrote:

>> I wish somebody would write a decent ssh for dos.
>
> Could that somebody be you?
> ____________________________________________________________
> Another Scandal Hits TLC...Will The Network Survive This One
> trend-chaser.com
> http://thirdpartyoffers.juno.com/TGL3141/588a191272bac19125e24st01vuc
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: "Bret Johnson" <[hidden email]>

> I wish somebody would write a decent ssh for dos.

Could that somebody be you?
____________________________________________________________
Another Scandal Hits TLC...Will The Network Survive This One
trend-chaser.com
http://thirdpartyoffers.juno.com/TGL3141/588a191272bac19125e24st01vuc

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Ulrich Hansen-2
In reply to this post by Karen Lewellen

> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:
>
> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
> package ssh2021b,  perhaps I can help you troubleshoot.

Hi Karen!

I am using the exact same program and version.

> for the record, I am not using freedos, but  the ms dos 7.10 package
> mentioned on this list.
> Still every day several times a day I connect  to two different servers
> using  this package.

I guess your servers still run OpenSSH in versions earlier than 6.9.

> may I ask again what your issue is presently?

Actually I have given up on it. I spent another day trying to get it to work, but without success.

The problem is that I can’t connect to an Ubuntu 16.04 LTS server with OpenSSH 7.2.

SSH2D386 gives the message:

     Expected KEX_DH_GEX_GROUP
     DH key exchange failed

The server logs:
     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error: type 30 seq 1 [preauth]
     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO

As I wrote I already had problems connecting to a Debian 8 server with OpenSSH 6.7.
But there I could fix it with these lines in /etc/ssh/sshd_config on the server.

     Ciphers aes128-cbc
     KexAlgorithms diffie-hellman-group-exchange-sha1
     MACs hmac-sha1
     HostKeyAlgorithms ssh-css

But in OpenSSH 7.2 this didn’t work.

What else did I try?

I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.

I tried to recompile OpenSSH.
The first time with adding this line in in compat.c:
     { "SSHDOS*", SSH_OLD_DHGEX },
The second time with this one:
     { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },

Both were not able to let SSH2D386 connect. It worked great with other SSH clients.

The idea was that SSH2DOS uses code from PuTTY and there were already several exceptions in combat.c for old PuTTY versions. The reason seems to be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See [1], [2].

I even looked at the SSH2DOS source code. But I have no experience with OpenWatcom. I installed it but gave up, when I saw I also had to compile the WATT32 TCP/IP stack.

SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should be possible to replace the old PuTTY code with a more recent one.

cheers
Ulrich


[1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
[2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen
Well, if you have given up no point in my sharing.
We use the same edition of Ubuntu, both with dreamhost who has my office,
and here at shellworld.
While the latter requires me to make use of a few ssh2021b options, the -g
option  for example, I encounter no issues.
I am going to guess that  things like machine speed, mine is a p3 with
allot of memory, impacts your situation.
nor, I would hope, your  location in the world.
Sorry I did not notice your post before you abandoned  the effort.
Kare


On Fri, 27 Jan 2017, Ulrich Hansen wrote:

>
>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:
>>
>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>> package ssh2021b,  perhaps I can help you troubleshoot.
>
> Hi Karen!
>
> I am using the exact same program and version.
>
>> for the record, I am not using freedos, but  the ms dos 7.10 package
>> mentioned on this list.
>> Still every day several times a day I connect  to two different servers
>> using  this package.
>
> I guess your servers still run OpenSSH in versions earlier than 6.9.
>
>> may I ask again what your issue is presently?
>
> Actually I have given up on it. I spent another day trying to get it to work, but without success.
>
> The problem is that I can’t connect to an Ubuntu 16.04 LTS server with OpenSSH 7.2.
>
> SSH2D386 gives the message:
>
>     Expected KEX_DH_GEX_GROUP
>     DH key exchange failed
>
> The server logs:
>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error: type 30 seq 1 [preauth]
>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>
> As I wrote I already had problems connecting to a Debian 8 server with OpenSSH 6.7.
> But there I could fix it with these lines in /etc/ssh/sshd_config on the server.
>
>     Ciphers aes128-cbc
>     KexAlgorithms diffie-hellman-group-exchange-sha1
>     MACs hmac-sha1
>     HostKeyAlgorithms ssh-css
>
> But in OpenSSH 7.2 this didn’t work.
>
> What else did I try?
>
> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>
> I tried to recompile OpenSSH.
> The first time with adding this line in in compat.c:
>     { "SSHDOS*", SSH_OLD_DHGEX },
> The second time with this one:
>     { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>
> Both were not able to let SSH2D386 connect. It worked great with other SSH clients.
>
> The idea was that SSH2DOS uses code from PuTTY and there were already several exceptions in combat.c for old PuTTY versions. The reason seems to be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See [1], [2].
>
> I even looked at the SSH2DOS source code. But I have no experience with OpenWatcom. I installed it but gave up, when I saw I also had to compile the WATT32 TCP/IP stack.
>
> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should be possible to replace the old PuTTY code with a more recent one.
>
> cheers
> Ulrich
>
>
> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

William Dudley
Karen,

If you know how to get ssh2d386 to connect to a modern openssh, as on Ubuntu 16.04,
please share the recipe with us!

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <[hidden email]> wrote:
Well, if you have given up no point in my sharing.
We use the same edition of Ubuntu, both with dreamhost who has my office, and here at shellworld.
While the latter requires me to make use of a few ssh2021b options, the -g option  for example, I encounter no issues.
I am going to guess that  things like machine speed, mine is a p3 with allot of memory, impacts your situation.
nor, I would hope, your  location in the world.
Sorry I did not notice your post before you abandoned  the effort.
Kare



On Fri, 27 Jan 2017, Ulrich Hansen wrote:


Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:

As I am presently writing this e-mail using ssh2d386 from the ssh2dos
package ssh2021b,  perhaps I can help you troubleshoot.

Hi Karen!

I am using the exact same program and version.

for the record, I am not using freedos, but  the ms dos 7.10 package
mentioned on this list.
Still every day several times a day I connect  to two different servers
using  this package.

I guess your servers still run OpenSSH in versions earlier than 6.9.

may I ask again what your issue is presently?

Actually I have given up on it. I spent another day trying to get it to work, but without success.

The problem is that I can’t connect to an Ubuntu 16.04 LTS server with OpenSSH 7.2.

SSH2D386 gives the message:

    Expected KEX_DH_GEX_GROUP
    DH key exchange failed

The server logs:
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error: type 30 seq 1 [preauth]
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO

As I wrote I already had problems connecting to a Debian 8 server with OpenSSH 6.7.
But there I could fix it with these lines in /etc/ssh/sshd_config on the server.

    Ciphers aes128-cbc
    KexAlgorithms diffie-hellman-group-exchange-sha1
    MACs hmac-sha1
    HostKeyAlgorithms ssh-css

But in OpenSSH 7.2 this didn’t work.

What else did I try?

I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.

I tried to recompile OpenSSH.
The first time with adding this line in in compat.c:
    { "SSHDOS*",                SSH_OLD_DHGEX },
The second time with this one:
    { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },

Both were not able to let SSH2D386 connect. It worked great with other SSH clients.

The idea was that SSH2DOS uses code from PuTTY and there were already several exceptions in combat.c for old PuTTY versions. The reason seems to be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See [1], [2].

I even looked at the SSH2DOS source code. But I have no experience with OpenWatcom. I installed it but gave up, when I saw I also had to compile the WATT32 TCP/IP stack.

SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should be possible to replace the old PuTTY code with a more recent one.

cheers
Ulrich


[1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
[2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Karen Lewellen <[hidden email]>

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

---1404930036-1509533136-1485483051=:10725
Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE

Well, if you have given up no point in my sharing.
We use the same edition of Ubuntu, both with dreamhost who has my office,
and here at shellworld.
While the latter requires me to make use of a few ssh2021b options, the -g
option  for example, I encounter no issues.
I am going to guess that  things like machine speed, mine is a p3 with
allot of memory, impacts your situation.
nor, I would hope, your  location in the world.
Sorry I did not notice your post before you abandoned  the effort.
Kare


On Fri, 27 Jan 2017, Ulrich Hansen wrote:

>
>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:
>>
>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>> package ssh2021b,  perhaps I can help you troubleshoot.
>
> Hi Karen!
>
> I am using the exact same program and version.
>
>> for the record, I am not using freedos, but  the ms dos 7.10 package
>> mentioned on this list.
>> Still every day several times a day I connect  to two different servers
>> using  this package.
>
> I guess your servers still run OpenSSH in versions earlier than 6.9.
>
>> may I ask again what your issue is presently?
>
> Actually I have given up on it. I spent another day trying to get it to work,
but without success.
>
> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
OpenSSH 7.2.
>
> SSH2D386 gives the message:
>
>     Expected KEX_DH_GEX_GROUP
>     DH key exchange failed
>
> The server logs:
>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error:
type 30 seq 1 [preauth]
>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect
from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>
> As I wrote I already had problems connecting to a Debian 8 server with
OpenSSH 6.7.
> But there I could fix it with these lines in /etc/ssh/sshd_config on the
server.

>
>     Ciphers aes128-cbc
>     KexAlgorithms diffie-hellman-group-exchange-sha1
>     MACs hmac-sha1
>     HostKeyAlgorithms ssh-css
>
> But in OpenSSH 7.2 this didnrCOt work.
>
> What else did I try?
>
> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>
> I tried to recompile OpenSSH.
> The first time with adding this line in in compat.c:
>     { "SSHDOS*", SSH_OLD_DHGEX },
> The second time with this one:
>     { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>
> Both were not able to let SSH2D386 connect. It worked great with other SSH
clients.
>
> The idea was that SSH2DOS uses code from PuTTY and there were already several
exceptions in combat.c for old PuTTY versions. The reason seems to be that
OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See
[1], [2].
>
> I even looked at the SSH2DOS source code. But I have no experience with
OpenWatcom. I installed it but gave up, when I saw I also had to compile the
WATT32 TCP/IP stack.
>
> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should
be possible to replace the old PuTTY code with a more recent one.

>
> cheers
> Ulrich
>
>
> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
---1404930036-1509533136-1485483051=:10725
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
---1404930036-1509533136-1485483051=:10725
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

---1404930036-1509533136-1485483051=:10725--

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen
In reply to this post by William Dudley
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: William Dudley <[hidden email]>

--===============8065803778214986417==
Content-Type: multipart/alternative; boundary=94eb2c0893a0da8e6605470ac4d5

--94eb2c0893a0da8e6605470ac4d5
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Karen,

If you know how to get ssh2d386 to connect to a modern openssh, as on
Ubuntu 16.04,
please share the recipe with us!

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <[hidden email]>
wrote:

> Well, if you have given up no point in my sharing.
> We use the same edition of Ubuntu, both with dreamhost who has my office,
> and here at shellworld.
> While the latter requires me to make use of a few ssh2021b options, the -g
> option  for example, I encounter no issues.
> I am going to guess that  things like machine speed, mine is a p3 with
> allot of memory, impacts your situation.
> nor, I would hope, your  location in the world.
> Sorry I did not notice your post before you abandoned  the effort.
> Kare
>
>
>
> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>
>
>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:
>>>
>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>> package ssh2021b,  perhaps I can help you troubleshoot.
>>>
>>
>> Hi Karen!
>>
>> I am using the exact same program and version.
>>
>> for the record, I am not using freedos, but  the ms dos 7.10 package
>>> mentioned on this list.
>>> Still every day several times a day I connect  to two different servers
>>> using  this package.
>>>
>>
>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>
>> may I ask again what your issue is presently?
>>>
>>
>> Actually I have given up on it. I spent another day trying to get it to
>> work, but without success.
>>
>> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
>> OpenSSH 7.2.
>>
>> SSH2D386 gives the message:
>>
>>     Expected KEX_DH_GEX_GROUP
>>     DH key exchange failed
>>
>> The server logs:
>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
>> error: type 30 seq 1 [preauth]
>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>
>> As I wrote I already had problems connecting to a Debian 8 server with
>> OpenSSH 6.7.
>> But there I could fix it with these lines in /etc/ssh/sshd_config on the
>> server.
>>
>>     Ciphers aes128-cbc
>>     KexAlgorithms diffie-hellman-group-exchange-sha1
>>     MACs hmac-sha1
>>     HostKeyAlgorithms ssh-css
>>
>> But in OpenSSH 7.2 this didnrCOt work.
>>
>> What else did I try?
>>
>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>
>> I tried to recompile OpenSSH.
>> The first time with adding this line in in compat.c:
>>     { "SSHDOS*",                SSH_OLD_DHGEX },
>> The second time with this one:
>>     { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>
>> Both were not able to let SSH2D386 connect. It worked great with other
>> SSH clients.
>>
>> The idea was that SSH2DOS uses code from PuTTY and there were already
>> several exceptions in combat.c for old PuTTY versions. The reason seems to
>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did
>> not. See [1], [2].
>>
>> I even looked at the SSH2DOS source code. But I have no experience with
>> OpenWatcom. I installed it but gave up, when I saw I also had to compile
>> the WATT32 TCP/IP stack.
>>
>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>> should be possible to replace the old PuTTY code with a more recent one.
>>
>> cheers
>> Ulrich
>>
>>
>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>> rfc4419.html
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Freedos-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>

--94eb2c0893a0da8e6605470ac4d5
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir="ltr">Karen,<div><br></div><div>If you know how to get ssh2d386 to
connect to a modern openssh, as on Ubuntu 16.04,</div><div>please share the
recipe with us!</div><div><br></div><div>Thanks,</div><div>Bill
Dudley</div><div><br></div></div><div class="gmail_extra"><br
clear="all"><div><div class="gmail_signature"
data-smartmail="gmail_signature">This email is free of malware because I run
Linux.</div></div>
<br><div class="gmail_quote">On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen
<span dir="ltr">&lt;<a href="mailto:[hidden email]"
target="_blank">[hidden email]</a>&gt;</span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Well, if you have given up no point in my sharing.<br>
We use the same edition of Ubuntu, both with dreamhost who has my office, and
here at shellworld.<br>
While the latter requires me to make use of a few ssh2021b options, the -g
option-a for example, I encounter no issues.<br>
I am going to guess that-a things like machine speed, mine is a p3 with allot
of memory, impacts your situation.<br>
nor, I would hope, your-a location in the world.<br>
Sorry I did not notice your post before you abandoned-a the effort.<br>
Kare<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Am 26.01.2017 um 18:19 schrieb Karen Lewellen &lt;<a
href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;:<br>
<br>
As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br>
package ssh2021b,-a perhaps I can help you troubleshoot.<br>
</blockquote>
<br>
Hi Karen!<br>
<br>
I am using the exact same program and version.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
for the record, I am not using freedos, but-a the ms dos 7.10 package<br>
mentioned on this list.<br>
Still every day several times a day I connect-a to two different servers<br>
using-a this package.<br>
</blockquote>
<br>
I guess your servers still run OpenSSH in versions earlier than 6.9.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
may I ask again what your issue is presently?<br>
</blockquote>
<br>
Actually I have given up on it. I spent another day trying to get it to work,
but without success.<br>
<br>
The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
OpenSSH 7.2.<br>
<br>
SSH2D386 gives the message:<br>
<br>
-a -a Expected KEX_DH_GEX_GROUP<br>
-a -a DH key exchange failed<br>
<br>
The server logs:<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error:
type 30 seq 1 [preauth]<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect
from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO<br>
<br>
As I wrote I already had problems connecting to a Debian 8 server with OpenSSH
6.7.<br>
But there I could fix it with these lines in /etc/ssh/sshd_config on the
server.<br>
<br>
-a -a Ciphers aes128-cbc<br>
-a -a KexAlgorithms diffie-hellman-group-exchange-<wbr>sha1<br>
-a -a MACs hmac-sha1<br>
-a -a HostKeyAlgorithms ssh-css<br>
<br>
But in OpenSSH 7.2 this didnrCOt work.<br>
<br>
What else did I try?<br>
<br>
I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.<br>
<br>
I tried to recompile OpenSSH.<br>
The first time with adding this line in in compat.c:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a SSH_OLD_DHGEX },<br>
The second time with this one:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a
SSH_BUG_NOREKEY|SSH_BUG_FIRSTK<wbr>EX },<br>
<br>
Both were not able to let SSH2D386 connect. It worked great with other SSH
clients.<br>
<br>
The idea was that SSH2DOS uses code from PuTTY and there were already several
exceptions in combat.c for old PuTTY versions. The reason seems to be that
OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See
[1], [2].<br>
<br>
I even looked at the SSH2DOS source code. But I have no experience with
OpenWatcom. I installed it but gave up, when I saw I also had to compile the
WATT32 TCP/IP stack.<br>
<br>
SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should be
possible to replace the old PuTTY code with a more recent one.<br>
<br>
cheers<br>
Ulrich<br>
<br>
<br>
[1] <a href="https://forums.red-gate.com/viewtopic.php?f=198&amp;t=78958"
rel="noreferrer" target="_blank">https://forums.red-gate.com/vi<wbr>ewtopic.php?f=198&amp;t=78958</a><br>
[2] <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html" rel="noreferrer" target="_blank">http://www.chiark.greenend.org<wbr>.uk/~sgtatham/putty/wishlist/<wbr>rfc4419.html</a><br>
<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>------------------<br>
Check out the vibrant tech community on one of the world&#39;s most<br>
engaging tech sites, SlashDot.org! <a href="http://sdm.link/slashdot"
rel="noreferrer" target="_blank">http://sdm.link/slashdot</a><br>
______________________________<wbr>_________________<br>
Freedos-user mailing list<br>
<a href="mailto:[hidden email]"
target="_blank">[hidden email]<wbr>.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/freedos-user"
rel="noreferrer" target="_blank">https://lists.sourceforge.net/<wbr>lists/listinfo/freedos-user</a><br>
</blockquote>
</div></div><br>------------------------------<wbr>------------------------------<wbr>------------------<br>
Check out the vibrant tech community on one of the world&#39;s most<br>
engaging tech sites, SlashDot.org! <a href="http://sdm.link/slashdot"
rel="noreferrer" target="_blank">http://sdm.link/slashdot</a><br>______________________________<wbr>_________________<br>
Freedos-user mailing list<br>
<a href="mailto:[hidden email]">Freedos-user@lists.<wbr>sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/freedos-user"
rel="noreferrer" target="_blank">https://lists.sourceforge.net/<wbr>lists/listinfo/freedos-user</a><br>
<br></blockquote></div><br></div>

--94eb2c0893a0da8e6605470ac4d5--


--===============8065803778214986417==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
--===============8065803778214986417==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

--===============8065803778214986417==--

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Dan Schmidt <[hidden email]>

--===============0780098062071741077==
Content-Type: multipart/alternative; boundary=001a1142b0eecdb1c005470cdeeb

--001a1142b0eecdb1c005470cdeeb
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I am unsure what it is that makes ssh2dos so unstable for me - nobody else
has this issue?

I would like to answer Ulrich on how he can modify his Ubuntu server, but
first, a warning: These algorithms were disabled because they are obsolete
and insecure.  Using a token based login, such as google-authenticator, may
be advisable if your server is public facing.

Firstly, add this to your server's /etc/ssh/sshd_config:

KexAlgorithms diffie-hellman-group1-sha1,[hidden email]
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss

Then, make use of the -g option - it goes BEFORE your username in ssh2dos.
You should now be able to connect.

I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work,
it seems it should.  Also, I was in a rush - I may be excluding some newer
options - report back if you find/add them with success.

-Dan

On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <[hidden email]>
wrote:

> Hi Bill,
> While I appreciate your desire for wisdom, I feel rather sure  my specific
> situation will not apply to anyone else here most likely.
> I use ssh2d386 to  access at least one commercial shell, but those shell
> services are maintained by others.  I am not for example accessing my own
> server.
> If the servers you desire reaching are run by other people,  give me an
> example and I will try.
> If my many years of computing has taught me anything is that the word
> Personal  is important for a reason.
> Kare
>
>
>
> On Thu, 26 Jan 2017, William Dudley wrote:
>
> Karen,
>>
>> If you know how to get ssh2d386 to connect to a modern openssh, as on
>> Ubuntu 16.04,
>> please share the recipe with us!
>>
>> Thanks,
>> Bill Dudley
>>
>>
>> This email is free of malware because I run Linux.
>>
>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <[hidden email]
>> >
>> wrote:
>>
>> Well, if you have given up no point in my sharing.
>>> We use the same edition of Ubuntu, both with dreamhost who has my office,
>>> and here at shellworld.
>>> While the latter requires me to make use of a few ssh2021b options, the
>>> -g
>>> option  for example, I encounter no issues.
>>> I am going to guess that  things like machine speed, mine is a p3 with
>>> allot of memory, impacts your situation.
>>> nor, I would hope, your  location in the world.
>>> Sorry I did not notice your post before you abandoned  the effort.
>>> Kare
>>>
>>>
>>>
>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>>>
>>>
>>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]
>>>> >:
>>>>
>>>>>
>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>>>> package ssh2021b,  perhaps I can help you troubleshoot.
>>>>>
>>>>>
>>>> Hi Karen!
>>>>
>>>> I am using the exact same program and version.
>>>>
>>>> for the record, I am not using freedos, but  the ms dos 7.10 package
>>>>
>>>>> mentioned on this list.
>>>>> Still every day several times a day I connect  to two different servers
>>>>> using  this package.
>>>>>
>>>>>
>>>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>>>
>>>> may I ask again what your issue is presently?
>>>>
>>>>>
>>>>>
>>>> Actually I have given up on it. I spent another day trying to get it to
>>>> work, but without success.
>>>>
>>>> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
>>>> OpenSSH 7.2.
>>>>
>>>> SSH2D386 gives the message:
>>>>
>>>>     Expected KEX_DH_GEX_GROUP
>>>>     DH key exchange failed
>>>>
>>>> The server logs:
>>>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
>>>> error: type 30 seq 1 [preauth]
>>>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
>>>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>>>
>>>> As I wrote I already had problems connecting to a Debian 8 server with
>>>> OpenSSH 6.7.
>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on the
>>>> server.
>>>>
>>>>     Ciphers aes128-cbc
>>>>     KexAlgorithms diffie-hellman-group-exchange-sha1
>>>>     MACs hmac-sha1
>>>>     HostKeyAlgorithms ssh-css
>>>>
>>>> But in OpenSSH 7.2 this didnrCOt work.
>>>>
>>>> What else did I try?
>>>>
>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>>>
>>>> I tried to recompile OpenSSH.
>>>> The first time with adding this line in in compat.c:
>>>>     { "SSHDOS*",                SSH_OLD_DHGEX },
>>>> The second time with this one:
>>>>     { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>>>
>>>> Both were not able to let SSH2D386 connect. It worked great with other
>>>> SSH clients.
>>>>
>>>> The idea was that SSH2DOS uses code from PuTTY and there were already
>>>> several exceptions in combat.c for old PuTTY versions. The reason seems
>>>> to
>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS
>>>> did
>>>> not. See [1], [2].
>>>>
>>>> I even looked at the SSH2DOS source code. But I have no experience with
>>>> OpenWatcom. I installed it but gave up, when I saw I also had to compile
>>>> the WATT32 TCP/IP stack.
>>>>
>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>>>> should be possible to replace the old PuTTY code with a more recent one.
>>>>
>>>> cheers
>>>> Ulrich
>>>>
>>>>
>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>> rfc4419.html
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Freedos-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>
>>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Freedos-user mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>
>>>
>>>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Freedos-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/freedos-user
>
>

--001a1142b0eecdb1c005470cdeeb
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir="ltr">I am unsure what it is that makes ssh2dos so unstable for me -
nobody else has this issue?-a<div><br>I would like to answer Ulrich on how he
can modify his Ubuntu server, but first, a warning: These algorithms were
disabled because they are obsolete and insecure.-a Using a token based login,
such as google-authenticator, may be advisable if your server is public facing.
-a</div><div><br></div><div>Firstly, add this to your server&#39;s-a<span
style="color:rgb(0,0,0)">/etc/ssh/sshd_config:</span><br><br>KexAlgorithms
diffie-hellman-group1-sha1,<a href="mailto:[hidden email]">[hidden email]</a>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1<br>Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr<br>HostKeyAlgorithms +ssh-dss<br><br>Then, make use of the -g option - it goes BEFORE your username in ssh2dos.-a You should now be able to connect. -a</div><div><br>I do not know why simply adding +diffie-hellman-group1-sha1 doesn&#39;t work, it seems it should.-a Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success.-a</div><div><br></div><div>-Dan</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <span dir="ltr">&lt;<a href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8
ex;border-left:1px #ccc solid;padding-left:1ex">Hi Bill,<br>
While I appreciate your desire for wisdom, I feel rather sure-a my specific
situation will not apply to anyone else here most likely.<br>
I use ssh2d386 to-a access at least one commercial shell, but those shell
services are maintained by others.-a I am not for example accessing my own
server.<br>
If the servers you desire reaching are run by other people,-a give me an
example and I will try.<br>
If my many years of computing has taught me anything is that the word
Personal-a is important for a reason.<br>
Kare<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On Thu, 26 Jan 2017, William Dudley wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Karen,<br>
<br>
If you know how to get ssh2d386 to connect to a modern openssh, as on<br>
Ubuntu 16.04,<br>
please share the recipe with us!<br>
<br>
Thanks,<br>
Bill Dudley<br>
<br>
<br>
This email is free of malware because I run Linux.<br>
<br>
On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen &lt;<a
href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;<br>
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Well, if you have given up no point in my sharing.<br>
We use the same edition of Ubuntu, both with dreamhost who has my office,<br>
and here at shellworld.<br>
While the latter requires me to make use of a few ssh2021b options, the -g<br>
option-a for example, I encounter no issues.<br>
I am going to guess that-a things like machine speed, mine is a p3 with<br>
allot of memory, impacts your situation.<br>
nor, I would hope, your-a location in the world.<br>
Sorry I did not notice your post before you abandoned-a the effort.<br>
Kare<br>
<br>
<br>
<br>
On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Am 26.01.2017 um 18:19 schrieb Karen Lewellen &lt;<a
href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br>
package ssh2021b,-a perhaps I can help you troubleshoot.<br>
<br>
</blockquote>
<br>
Hi Karen!<br>
<br>
I am using the exact same program and version.<br>
<br>
for the record, I am not using freedos, but-a the ms dos 7.10 package<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
mentioned on this list.<br>
Still every day several times a day I connect-a to two different servers<br>
using-a this package.<br>
<br>
</blockquote>
<br>
I guess your servers still run OpenSSH in versions earlier than 6.9.<br>
<br>
may I ask again what your issue is presently?<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
</blockquote>
<br>
Actually I have given up on it. I spent another day trying to get it to<br>
work, but without success.<br>
<br>
The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with<br>
OpenSSH 7.2.<br>
<br>
SSH2D386 gives the message:<br>
<br>
-a -a Expected KEX_DH_GEX_GROUP<br>
-a -a DH key exchange failed<br>
<br>
The server logs:<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol<br>
error: type 30 seq 1 [preauth]<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received<br>
disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO<br>
<br>
As I wrote I already had problems connecting to a Debian 8 server with<br>
OpenSSH 6.7.<br>
But there I could fix it with these lines in /etc/ssh/sshd_config on the<br>
server.<br>
<br>
-a -a Ciphers aes128-cbc<br>
-a -a KexAlgorithms diffie-hellman-group-exchange-<wbr>sha1<br>
-a -a MACs hmac-sha1<br>
-a -a HostKeyAlgorithms ssh-css<br>
<br>
But in OpenSSH 7.2 this didnrCOt work.<br>
<br>
What else did I try?<br>
<br>
I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.<br>
<br>
I tried to recompile OpenSSH.<br>
The first time with adding this line in in compat.c:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a SSH_OLD_DHGEX },<br>
The second time with this one:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a
SSH_BUG_NOREKEY|SSH_BUG_FIRSTK<wbr>EX },<br>
<br>
Both were not able to let SSH2D386 connect. It worked great with other<br>
SSH clients.<br>
<br>
The idea was that SSH2DOS uses code from PuTTY and there were already<br>
several exceptions in combat.c for old PuTTY versions. The reason seems to<br>
be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did<br>
not. See [1], [2].<br>
<br>
I even looked at the SSH2DOS source code. But I have no experience with<br>
OpenWatcom. I installed it but gave up, when I saw I also had to compile<br>
the WATT32 TCP/IP stack.<br>
<br>
SSH2DOS uses PuTTY code, which is also Free Software. So in theory it<br>
should be possible to replace the old PuTTY code with a more recent one.<br>
<br>
cheers<br>
Ulrich<br>
<br>
<br>
[1] <a href="https://forums.red-gate.com/viewtopic.php?f=198&amp;t=78958"
rel="noreferrer" target="_blank">https://forums.red-gate.com/vi<wbr>ewtopic.php?f=198&amp;t=78958</a><br>
[2] <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/"
rel="noreferrer" target="_blank">http://www.chiark.greenend.org<wbr>.uk/~sgtatham/putty/wishlist/</a><br>
rfc4419.html<br>
<br>
<br>
<br>
------------------------------<wbr>------------------------------<br>
------------------<br>
Check out the vibrant tech community on one of the world&#39;s most<br>
engaging tech sites, SlashDot.org! <a href="http://sdm.link/slashdot"
rel="noreferrer" target="_blank">http://sdm.link/slashdot</a><br>
______________________________<wbr>_________________<br>
Freedos-user mailing list<br>
<a href="mailto:[hidden email]"
target="_blank">[hidden email]<wbr>.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/freedos-user"
rel="noreferrer" target="_blank">https://lists.sourceforge.net/<wbr>lists/listinfo/freedos-user</a><br>
<br>
</blockquote>
<br>
------------------------------<wbr>------------------------------<br>
------------------<br>
Check out the vibrant tech community on one of the world&#39;s most<br>
engaging tech sites, SlashDot.org! <a href="http://sdm.link/slashdot"
rel="noreferrer" target="_blank">http://sdm.link/slashdot</a><br>
______________________________<wbr>_________________<br>
Freedos-user mailing list<br>
<a href="mailto:[hidden email]"
target="_blank">[hidden email]<wbr>.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/freedos-user"
rel="noreferrer" target="_blank">https://lists.sourceforge.net/<wbr>lists/listinfo/freedos-user</a><br>

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Dan Schmidt <[hidden email]>

--===============3214343721392351354==
Content-Type: multipart/alternative; boundary=94eb2c1a162021ee2705470ce377

--94eb2c1a162021ee2705470ce377
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I forgot - you may need to regenerate your keys with "ssh-keygen -A" after
modifying the server.

On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <[hidden email]> wrote:

> I am unsure what it is that makes ssh2dos so unstable for me - nobody else
> has this issue?
>
> I would like to answer Ulrich on how he can modify his Ubuntu server, but
> first, a warning: These algorithms were disabled because they are obsolete
> and insecure.  Using a token based login, such as google-authenticator, may
> be advisable if your server is public facing.
>
> Firstly, add this to your server's /etc/ssh/sshd_config:
>
> KexAlgorithms diffie-hellman-group1-sha1,[hidden email],
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
> diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
> HostKeyAlgorithms +ssh-dss
>
> Then, make use of the -g option - it goes BEFORE your username in
> ssh2dos.  You should now be able to connect.
>
> I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work,
> it seems it should.  Also, I was in a rush - I may be excluding some newer
> options - report back if you find/add them with success.
>
> -Dan
>
> On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <[hidden email]>
> wrote:
>
>> Hi Bill,
>> While I appreciate your desire for wisdom, I feel rather sure  my
>> specific situation will not apply to anyone else here most likely.
>> I use ssh2d386 to  access at least one commercial shell, but those shell
>> services are maintained by others.  I am not for example accessing my own
>> server.
>> If the servers you desire reaching are run by other people,  give me an
>> example and I will try.
>> If my many years of computing has taught me anything is that the word
>> Personal  is important for a reason.
>> Kare
>>
>>
>>
>> On Thu, 26 Jan 2017, William Dudley wrote:
>>
>> Karen,
>>>
>>> If you know how to get ssh2d386 to connect to a modern openssh, as on
>>> Ubuntu 16.04,
>>> please share the recipe with us!
>>>
>>> Thanks,
>>> Bill Dudley
>>>
>>>
>>> This email is free of malware because I run Linux.
>>>
>>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <
>>> [hidden email]>
>>> wrote:
>>>
>>> Well, if you have given up no point in my sharing.
>>>> We use the same edition of Ubuntu, both with dreamhost who has my
>>>> office,
>>>> and here at shellworld.
>>>> While the latter requires me to make use of a few ssh2021b options, the
>>>> -g
>>>> option  for example, I encounter no issues.
>>>> I am going to guess that  things like machine speed, mine is a p3 with
>>>> allot of memory, impacts your situation.
>>>> nor, I would hope, your  location in the world.
>>>> Sorry I did not notice your post before you abandoned  the effort.
>>>> Kare
>>>>
>>>>
>>>>
>>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>>>>
>>>>
>>>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]
>>>>> >:
>>>>>
>>>>>>
>>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>>>>> package ssh2021b,  perhaps I can help you troubleshoot.
>>>>>>
>>>>>>
>>>>> Hi Karen!
>>>>>
>>>>> I am using the exact same program and version.
>>>>>
>>>>> for the record, I am not using freedos, but  the ms dos 7.10 package
>>>>>
>>>>>> mentioned on this list.
>>>>>> Still every day several times a day I connect  to two different
>>>>>> servers
>>>>>> using  this package.
>>>>>>
>>>>>>
>>>>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>>>>
>>>>> may I ask again what your issue is presently?
>>>>>
>>>>>>
>>>>>>
>>>>> Actually I have given up on it. I spent another day trying to get it to
>>>>> work, but without success.
>>>>>
>>>>> The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
>>>>> OpenSSH 7.2.
>>>>>
>>>>> SSH2D386 gives the message:
>>>>>
>>>>>     Expected KEX_DH_GEX_GROUP
>>>>>     DH key exchange failed
>>>>>
>>>>> The server logs:
>>>>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
>>>>> error: type 30 seq 1 [preauth]
>>>>>     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
>>>>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>>>>
>>>>> As I wrote I already had problems connecting to a Debian 8 server with
>>>>> OpenSSH 6.7.
>>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on
>>>>> the
>>>>> server.
>>>>>
>>>>>     Ciphers aes128-cbc
>>>>>     KexAlgorithms diffie-hellman-group-exchange-sha1
>>>>>     MACs hmac-sha1
>>>>>     HostKeyAlgorithms ssh-css
>>>>>
>>>>> But in OpenSSH 7.2 this didnrCOt work.
>>>>>
>>>>> What else did I try?
>>>>>
>>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>>>>
>>>>> I tried to recompile OpenSSH.
>>>>> The first time with adding this line in in compat.c:
>>>>>     { "SSHDOS*",                SSH_OLD_DHGEX },
>>>>> The second time with this one:
>>>>>     { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>>>>
>>>>> Both were not able to let SSH2D386 connect. It worked great with other
>>>>> SSH clients.
>>>>>
>>>>> The idea was that SSH2DOS uses code from PuTTY and there were already
>>>>> several exceptions in combat.c for old PuTTY versions. The reason
>>>>> seems to
>>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS
>>>>> did
>>>>> not. See [1], [2].
>>>>>
>>>>> I even looked at the SSH2DOS source code. But I have no experience with
>>>>> OpenWatcom. I installed it but gave up, when I saw I also had to
>>>>> compile
>>>>> the WATT32 TCP/IP stack.
>>>>>
>>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>>>>> should be possible to replace the old PuTTY code with a more recent
>>>>> one.
>>>>>
>>>>> cheers
>>>>> Ulrich
>>>>>
>>>>>
>>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>>> rfc4419.html
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>>> _______________________________________________
>>>>> Freedos-user mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>>
>>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Freedos-user mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>
>>>>
>>>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Freedos-user mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>
>>
>

--94eb2c1a162021ee2705470ce377
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir="ltr">I forgot - you may need to regenerate your keys with
&quot;ssh-keygen -A&quot; after modifying the server.-a</div><div
class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 26, 2017 at 10:38
PM, Dan Schmidt <span dir="ltr">&lt;<a href="mailto:[hidden email]"
target="_blank">[hidden email]</a>&gt;</span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"><div dir="ltr">I am unsure what it is that makes
ssh2dos so unstable for me - nobody else has this issue?-a<div><br>I would like
to answer Ulrich on how he can modify his Ubuntu server, but first, a warning:
These algorithms were disabled because they are obsolete and insecure.-a Using
a token based login, such as google-authenticator, may be advisable if your
server is public facing. -a</div><div><br></div><div>Firstly, add this to your
server&#39;s-a<span style="color:rgb(0,0,0)">/etc/ssh/sshd_config:</span><br><br>KexAlgorithms diffie-hellman-group1-sha1,<a href="mailto:[hidden email]" target="_blank">cur<wbr>[hidden email]</a>,<wbr>ecdh-sha2-nistp256,ecdh-sha2-<wbr>nistp384,ecdh-sha2-nistp521,<wbr>diffie-hellman-group-exchange-<wbr>sha256,diffie-hellman-group14-<wbr>sha1<br>Ciphers 3des-cbc,blowfish-cbc,aes128-<wbr>cbc,aes128-ctr,aes256-ctr<br>HostKeyAlgorithms +ssh-dss<br><br>Then, make use of the -g option - it goes BEFORE your username in ssh2dos.-a You should now be able to connect. -a</div><div><br>I do not know why simply adding +diffie-hellman-group1-sha1 doesn&#39;t work, it seems it should.-a Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success.-a</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-Dan</div></font></span></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu
, Jan 26, 2017 at 9:42 PM, Karen Lewellen <span dir="ltr">&lt;<a href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">Hi Bill,<br>
While I appreciate your desire for wisdom, I feel rather sure-a my specific
situation will not apply to anyone else here most likely.<br>
I use ssh2d386 to-a access at least one commercial shell, but those shell
services are maintained by others.-a I am not for example accessing my own
server.<br>
If the servers you desire reaching are run by other people,-a give me an
example and I will try.<br>
If my many years of computing has taught me anything is that the word
Personal-a is important for a reason.<br>
Kare<div class="m_-2658655359570531662HOEnZb"><div
class="m_-2658655359570531662h5"><br>
<br>
<br>
On Thu, 26 Jan 2017, William Dudley wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Karen,<br>
<br>
If you know how to get ssh2d386 to connect to a modern openssh, as on<br>
Ubuntu 16.04,<br>
please share the recipe with us!<br>
<br>
Thanks,<br>
Bill Dudley<br>
<br>
<br>
This email is free of malware because I run Linux.<br>
<br>
On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen &lt;<a
href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;<br>
wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Well, if you have given up no point in my sharing.<br>
We use the same edition of Ubuntu, both with dreamhost who has my office,<br>
and here at shellworld.<br>
While the latter requires me to make use of a few ssh2021b options, the -g<br>
option-a for example, I encounter no issues.<br>
I am going to guess that-a things like machine speed, mine is a p3 with<br>
allot of memory, impacts your situation.<br>
nor, I would hope, your-a location in the world.<br>
Sorry I did not notice your post before you abandoned-a the effort.<br>
Kare<br>
<br>
<br>
<br>
On Fri, 27 Jan 2017, Ulrich Hansen wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Am 26.01.2017 um 18:19 schrieb Karen Lewellen &lt;<a
href="mailto:[hidden email]" target="_blank">[hidden email]</a>&gt;:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
As I am presently writing this e-mail using ssh2d386 from the ssh2dos<br>
package ssh2021b,-a perhaps I can help you troubleshoot.<br>
<br>
</blockquote>
<br>
Hi Karen!<br>
<br>
I am using the exact same program and version.<br>
<br>
for the record, I am not using freedos, but-a the ms dos 7.10 package<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
mentioned on this list.<br>
Still every day several times a day I connect-a to two different servers<br>
using-a this package.<br>
<br>
</blockquote>
<br>
I guess your servers still run OpenSSH in versions earlier than 6.9.<br>
<br>
may I ask again what your issue is presently?<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
</blockquote>
<br>
Actually I have given up on it. I spent another day trying to get it to<br>
work, but without success.<br>
<br>
The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with<br>
OpenSSH 7.2.<br>
<br>
SSH2D386 gives the message:<br>
<br>
-a -a Expected KEX_DH_GEX_GROUP<br>
-a -a DH key exchange failed<br>
<br>
The server logs:<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol<br>
error: type 30 seq 1 [preauth]<br>
-a -a Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received<br>
disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO<br>
<br>
As I wrote I already had problems connecting to a Debian 8 server with<br>
OpenSSH 6.7.<br>
But there I could fix it with these lines in /etc/ssh/sshd_config on the<br>
server.<br>
<br>
-a -a Ciphers aes128-cbc<br>
-a -a KexAlgorithms diffie-hellman-group-exchange-<wbr>sha1<br>
-a -a MACs hmac-sha1<br>
-a -a HostKeyAlgorithms ssh-css<br>
<br>
But in OpenSSH 7.2 this didnrCOt work.<br>
<br>
What else did I try?<br>
<br>
I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.<br>
<br>
I tried to recompile OpenSSH.<br>
The first time with adding this line in in compat.c:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a SSH_OLD_DHGEX },<br>
The second time with this one:<br>
-a -a { &quot;SSHDOS*&quot;,-a -a -a -a -a -a -a -a
SSH_BUG_NOREKEY|SSH_BUG_FIRSTK<wbr>EX },<br>
<br>
Both were not able to let SSH2D386 connect. It worked great with other<br>
SSH clients.<br>
<br>
The idea was that SSH2DOS uses code from PuTTY and there were already<br>
several exceptions in combat.c for old PuTTY versions. The reason seems to<br>
be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did<br>
not. See [1], [2].<br>
<br>
I even looked at the SSH2DOS source code. But I have no experience with<br>
OpenWatcom. I installed it but gave up, when I saw I also had to compile<br>
the WATT32 TCP/IP stack.<br>
<br>
SSH2DOS uses PuTTY code, which is also Free Software. So in theory it<br>
should be possible to replace the old PuTTY code with a more recent one.<br>
<br>
cheers<br>
Ulrich<br>
<br>
<br>
[1] <a href="https://forums.red-gate.com/viewtopic.php?f=198&amp;t=78958"
rel="noreferrer" target="_blank">https://forums.red-gate.com/vi<wbr>ewtopic.php?f=198&amp;t=78958</a><br>
[2] <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/"
rel="noreferrer" target="_blank">http://www.chiark.greenend.org<wbr>.uk/~sgtatham/putty/wishlist/</a><br>
rfc4419.html<br>
<br>
<br>
<br>
------------------------------<wbr>------------------------------<br>
------------------<br>
Check out the vibrant tech community on one of the world&#39;s most<br>

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Dan Schmidt
In reply to this post by Karen Lewellen
I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue? 

I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure.  Using a token based login, such as google-authenticator, may be advisable if your server is public facing.  

Firstly, add this to your server's /etc/ssh/sshd_config:

KexAlgorithms diffie-hellman-group1-sha1,[hidden email],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss

Then, make use of the -g option - it goes BEFORE your username in ssh2dos.  You should now be able to connect.  

I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should.  Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success. 

-Dan

On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <[hidden email]> wrote:
Hi Bill,
While I appreciate your desire for wisdom, I feel rather sure  my specific situation will not apply to anyone else here most likely.
I use ssh2d386 to  access at least one commercial shell, but those shell services are maintained by others.  I am not for example accessing my own server.
If the servers you desire reaching are run by other people,  give me an example and I will try.
If my many years of computing has taught me anything is that the word Personal  is important for a reason.
Kare



On Thu, 26 Jan 2017, William Dudley wrote:

Karen,

If you know how to get ssh2d386 to connect to a modern openssh, as on
Ubuntu 16.04,
please share the recipe with us!

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <[hidden email]>
wrote:

Well, if you have given up no point in my sharing.
We use the same edition of Ubuntu, both with dreamhost who has my office,
and here at shellworld.
While the latter requires me to make use of a few ssh2021b options, the -g
option  for example, I encounter no issues.
I am going to guess that  things like machine speed, mine is a p3 with
allot of memory, impacts your situation.
nor, I would hope, your  location in the world.
Sorry I did not notice your post before you abandoned  the effort.
Kare



On Fri, 27 Jan 2017, Ulrich Hansen wrote:


Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:

As I am presently writing this e-mail using ssh2d386 from the ssh2dos
package ssh2021b,  perhaps I can help you troubleshoot.


Hi Karen!

I am using the exact same program and version.

for the record, I am not using freedos, but  the ms dos 7.10 package
mentioned on this list.
Still every day several times a day I connect  to two different servers
using  this package.


I guess your servers still run OpenSSH in versions earlier than 6.9.

may I ask again what your issue is presently?


Actually I have given up on it. I spent another day trying to get it to
work, but without success.

The problem is that I can’t connect to an Ubuntu 16.04 LTS server with
OpenSSH 7.2.

SSH2D386 gives the message:

    Expected KEX_DH_GEX_GROUP
    DH key exchange failed

The server logs:
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
error: type 30 seq 1 [preauth]
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO

As I wrote I already had problems connecting to a Debian 8 server with
OpenSSH 6.7.
But there I could fix it with these lines in /etc/ssh/sshd_config on the
server.

    Ciphers aes128-cbc
    KexAlgorithms diffie-hellman-group-exchange-sha1
    MACs hmac-sha1
    HostKeyAlgorithms ssh-css

But in OpenSSH 7.2 this didn’t work.

What else did I try?

I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.

I tried to recompile OpenSSH.
The first time with adding this line in in compat.c:
    { "SSHDOS*",                SSH_OLD_DHGEX },
The second time with this one:
    { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },

Both were not able to let SSH2D386 connect. It worked great with other
SSH clients.

The idea was that SSH2DOS uses code from PuTTY and there were already
several exceptions in combat.c for old PuTTY versions. The reason seems to
be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did
not. See [1], [2].

I even looked at the SSH2DOS source code. But I have no experience with
OpenWatcom. I installed it but gave up, when I saw I also had to compile
the WATT32 TCP/IP stack.

SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
should be possible to replace the old PuTTY code with a more recent one.

cheers
Ulrich


[1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
[2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
rfc4419.html



------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Dan Schmidt
I forgot - you may need to regenerate your keys with "ssh-keygen -A" after modifying the server. 

On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <[hidden email]> wrote:
I am unsure what it is that makes ssh2dos so unstable for me - nobody else has this issue? 

I would like to answer Ulrich on how he can modify his Ubuntu server, but first, a warning: These algorithms were disabled because they are obsolete and insecure.  Using a token based login, such as google-authenticator, may be advisable if your server is public facing.  

Firstly, add this to your server's /etc/ssh/sshd_config:

KexAlgorithms diffie-hellman-group1-sha1,[hidden email],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss

Then, make use of the -g option - it goes BEFORE your username in ssh2dos.  You should now be able to connect.  

I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work, it seems it should.  Also, I was in a rush - I may be excluding some newer options - report back if you find/add them with success. 

-Dan

On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <[hidden email]> wrote:
Hi Bill,
While I appreciate your desire for wisdom, I feel rather sure  my specific situation will not apply to anyone else here most likely.
I use ssh2d386 to  access at least one commercial shell, but those shell services are maintained by others.  I am not for example accessing my own server.
If the servers you desire reaching are run by other people,  give me an example and I will try.
If my many years of computing has taught me anything is that the word Personal  is important for a reason.
Kare



On Thu, 26 Jan 2017, William Dudley wrote:

Karen,

If you know how to get ssh2d386 to connect to a modern openssh, as on
Ubuntu 16.04,
please share the recipe with us!

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <[hidden email]>
wrote:

Well, if you have given up no point in my sharing.
We use the same edition of Ubuntu, both with dreamhost who has my office,
and here at shellworld.
While the latter requires me to make use of a few ssh2021b options, the -g
option  for example, I encounter no issues.
I am going to guess that  things like machine speed, mine is a p3 with
allot of memory, impacts your situation.
nor, I would hope, your  location in the world.
Sorry I did not notice your post before you abandoned  the effort.
Kare



On Fri, 27 Jan 2017, Ulrich Hansen wrote:


Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:

As I am presently writing this e-mail using ssh2d386 from the ssh2dos
package ssh2021b,  perhaps I can help you troubleshoot.


Hi Karen!

I am using the exact same program and version.

for the record, I am not using freedos, but  the ms dos 7.10 package
mentioned on this list.
Still every day several times a day I connect  to two different servers
using  this package.


I guess your servers still run OpenSSH in versions earlier than 6.9.

may I ask again what your issue is presently?


Actually I have given up on it. I spent another day trying to get it to
work, but without success.

The problem is that I can’t connect to an Ubuntu 16.04 LTS server with
OpenSSH 7.2.

SSH2D386 gives the message:

    Expected KEX_DH_GEX_GROUP
    DH key exchange failed

The server logs:
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
error: type 30 seq 1 [preauth]
    Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO

As I wrote I already had problems connecting to a Debian 8 server with
OpenSSH 6.7.
But there I could fix it with these lines in /etc/ssh/sshd_config on the
server.

    Ciphers aes128-cbc
    KexAlgorithms diffie-hellman-group-exchange-sha1
    MACs hmac-sha1
    HostKeyAlgorithms ssh-css

But in OpenSSH 7.2 this didn’t work.

What else did I try?

I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.

I tried to recompile OpenSSH.
The first time with adding this line in in compat.c:
    { "SSHDOS*",                SSH_OLD_DHGEX },
The second time with this one:
    { "SSHDOS*",                SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },

Both were not able to let SSH2D386 connect. It worked great with other
SSH clients.

The idea was that SSH2DOS uses code from PuTTY and there were already
several exceptions in combat.c for old PuTTY versions. The reason seems to
be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did
not. See [1], [2].

I even looked at the SSH2DOS source code. But I have no experience with
OpenWatcom. I installed it but gave up, when I saw I also had to compile
the WATT32 TCP/IP stack.

SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
should be possible to replace the old PuTTY code with a more recent one.

cheers
Ulrich


[1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
[2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
rfc4419.html



------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user


------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSH2DOS - no connection with recent servers

Karen Lewellen-2
In reply to this post by Ulrich Hansen-2
From: Ulrich Hansen <[hidden email]>



> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <[hidden email]>:
>
> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
> package ssh2021b,  perhaps I can help you troubleshoot.

Hi Karen!

I am using the exact same program and version.

> for the record, I am not using freedos, but  the ms dos 7.10 package
> mentioned on this list.
> Still every day several times a day I connect  to two different servers
> using  this package.

I guess your servers still run OpenSSH in versions earlier than 6.9.

> may I ask again what your issue is presently?

Actually I have given up on it. I spent another day trying to get it to work,
but without success.

The problem is that I canrCOt connect to an Ubuntu 16.04 LTS server with
OpenSSH 7.2.

SSH2D386 gives the message:

     Expected KEX_DH_GEX_GROUP
     DH key exchange failed

The server logs:
     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol error:
type 30 seq 1 [preauth]
     Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received disconnect
from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO

As I wrote I already had problems connecting to a Debian 8 server with OpenSSH
6.7.
But there I could fix it with these lines in /etc/ssh/sshd_config on the
server.

     Ciphers aes128-cbc
     KexAlgorithms diffie-hellman-group-exchange-sha1
     MACs hmac-sha1
     HostKeyAlgorithms ssh-css

But in OpenSSH 7.2 this didnrCOt work.

What else did I try?

I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.

I tried to recompile OpenSSH.
The first time with adding this line in in compat.c:
     { "SSHDOS*", SSH_OLD_DHGEX },
The second time with this one:
     { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },

Both were not able to let SSH2D386 connect. It worked great with other SSH
clients.

The idea was that SSH2DOS uses code from PuTTY and there were already several
exceptions in combat.c for old PuTTY versions. The reason seems to be that
OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS did not. See
[1], [2].

I even looked at the SSH2DOS source code. But I have no experience with
OpenWatcom. I installed it but gave up, when I saw I also had to compile the
WATT32 TCP/IP stack.

SSH2DOS uses PuTTY code, which is also Free Software. So in theory it should be
possible to replace the old PuTTY code with a more recent one.

cheers
Ulrich


[1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
[2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rfc4419.html



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user

--- Internet Rex 2.29
 * Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
 *  Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/freedos-user
12
Loading...