[lug] openssh server update
Hugh Brown
hugh at vecna.com
Mon Mar 11 15:30:30 MST 2002
This is what I get:
sshd -d -d -d -p 24
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 24 on 0.0.0.0.
Server listening on 0.0.0.0 port 24.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ###.###.###.### port 62898
debug1: Client protocol version 1.5; client software version
OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat OpenSSH*
debug1: Local version string SSH-1.99-OpenSSH_3.1p1
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
Disconnecting: Corrupted check bytes on input.
debug1: Calling cleanup 0x8065f90(0x0)
On Mon, 2002-03-11 at 16:37, John Hernandez wrote:
> Same scenario works on two of my systems:
>
> [user at client ~]$ ssh -1 -v server
> OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 500 geteuid 0 anon 1
> debug1: Connecting to server [x.x.x.x] port 22.
> debug1: temporarily_use_uid: 500/500 (e=0)
> debug1: restore_uid
> debug1: temporarily_use_uid: 500/500 (e=0)
> debug1: restore_uid
> debug1: Connection established.
> debug1: read PEM private key done: type DSA
> debug1: read PEM private key done: type RSA
> debug1: identity file /home/user/.ssh/identity type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
> debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
> debug1: Local version string SSH-1.5-OpenSSH_2.9p2
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host 'server' is known and matches the RSA1 host key.
> debug1: Found key in /home/user/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Doing password authentication.
> user at server's password:
> debug1: Requesting pty.
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug1: Requesting shell.
> debug1: Entering interactive session.
>
> Where does yours die when you run with the -d flag?
>
> Hugh Brown wrote:
>
> > on my server:
> >
> >
> > [server]# grep -v "^#" /etc/ssh/sshd_config
> >
> > Port 22
> > Protocol 2,1
> > HostKey /etc/ssh/ssh_host_key
> > HostKey /etc/ssh/ssh_host_rsa_key
> > HostKey /etc/ssh/ssh_host_dsa_key
> > KeyRegenerationInterval 3600
> > ServerKeyBits 768
> > SyslogFacility AUTHPRIV
> > LogLevel INFO
> > LoginGraceTime 600
> > StrictModes yes
> > X11Forwarding yes
> > Subsystem sftp /usr/libexec/openssh/sftp-server
> >
> > [server]# ssh -v localhost
> > OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> > debug1: Remote protocol version 1.99, remote software version
> > OpenSSH_3.1p1
> >
> >
> > [client]$ ssh -V
> > OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
> >
> > [client]$ ssh -1 server
> > Disconnecting: Corrupted check bytes on input.
> >
> >
> > The windows clients get similar problems.
> >
> > Hugh
> >
> > On Mon, 2002-03-11 at 15:40, Jonathan Briggs wrote:
> >
> >>Did you put Protocol 2,1 in your sshd_config file? I believe it used to
> >>default to Protocol 2,1, but now it defaults to only Protocol 2.
> >>I believe it still supports version 1 however.
> >>
> >>I just tested it. Yeah, it supports version 1. Try fixing your
> >>sshd_config file.
> >>
> >>Hugh Brown wrote:
> >>
> >>
> >>>I dutifully updated openssh on all of my servers, now as I side result.
> >>>I can't connect to them using ssh v1 from putty or from older openssh
> >>>clients.
> >>>
> >>>I get
> >>>Corrupted check bytes on input.
> >>>
> >>>
> >>>Or CRC errors on windows.
> >>>
> >>>The reason I care is that we are tunneling cvs over ssh which is
> >>>bouncing through a firewall. I have a few windows users that rely upon
> >>>putty and wincvs. I couldn't get putty to do agent forwarding for
> >>>sshv2. If I could get that to work, all of the above is moot.
> >>>
> >>>
> >>>Help.
> >>>
> >>>Hugh
> >>>
> >
> >
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
>
>
> --
>
> - John Hernandez - Network Engineer - 303-497-6392 -
> | National Oceanic and Atmospheric Administration |
> | Mailstop R/OM12. 325 Broadway, Boulder, CO 80305 |
> ----------------------------------------------------
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list