|
Grex > Garage > #60: Client-dependent connection trouble | |
|
| Author |
Message |
papa
|
|
Client-dependent connection trouble
| 
Nov 13 23:48 UTC 2020 |
For about the last week several of us Grex users have been having
trouble connecting to Grex that seems to be dependent on the SSH
client we are using.
For example, although it worked fine last week and I have not
knowingly made any changes on my side, I now cannot connect from
my Puppy Linux system where I'm using OpenSSH 6.6.1p1. But I can
connect from Windows (PuTTY), SDF (OpenSSH 8.0p1), and my
Android tablet (ConnectBot 1.9.6-oss).
I will try updating OpenSSH, but has something changed on the
server that might be disagreeing with some clients?
|
| 8 responses total. |
papa
|
|
response 1 of 8:
|
Nov 15 23:57 UTC 2020 |
rak reported a work-around on party. I haven't tried it yet, but others
have with success.
rak: right, so I looked into it (ssh -vvv grex.org) and the
connection hangs at "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY".
rak: after some googling, I found a work-around: explicitly specify
a non ecdh cipher. For example, the following works:
ssh -c aes256-gcm@openssh.com grex.org
|
kentn
|
|
response 2 of 8:
|
Nov 16 01:52 UTC 2020 |
Yes, I've seen that solution, as well. That's where the connection
hung up for me. I think it might do with the length of the cipher
value, possibly and reconstructing that over the network.
Usually ssh tries to find a cipher in agreement on both sides of
the connection. And that could come out with something that doesn't
work.
|
papa
|
|
response 3 of 8:
|
Nov 16 23:21 UTC 2020 |
This response has been erased.
|
papa
|
|
response 4 of 8:
|
Nov 16 23:23 UTC 2020 |
Cause of the problem: resp:agora:4:219
|
papa
|
|
response 5 of 8:
|
Nov 16 23:29 UTC 2020 |
For your information, I tried deleting grex.org from my .ssh/known_hosts file
(on my client PC) in case the connection problem was caused by a mismatch
between the key saved in my known_hosts and the servers new network
configuration, but it had no effect.
|
kentn
|
|
response 6 of 8:
|
Nov 18 02:22 UTC 2020 |
Yes, that would be true, most likely (no effect) unless Grex changed it's
information, in which case, ssh would complain.
I'm just sticking with an MTU that works, currently. If I get more time
to mess around with it, I'll try other solutions.
|
papa
|
|
response 7 of 8:
|
Nov 18 06:55 UTC 2020 |
I succeeded in connecting to Grex from my Puppy Linux system by 1) installing
OpenSSH 8.4p1, AND 2) using rak's work-around "ssh -c aes256-gcm@openssh.com
papa@grex.org".
Updating OpenSSH by itself had no effect. Using rak's work-around with the
old OpenSSH 6.6.1p1 had no effect.
|
kentn
|
|
response 8 of 8:
|
Nov 18 13:02 UTC 2020 |
Thanks for the update! I've got OpenSSH_7.8p1 on the one that was
having issues connecting. I have 8.4p1 in ports. Will try some of this
when I have a chance.
|