No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help
View Responses

Grex Garage Item 60: Client-dependent connection trouble
Entered by papa on Fri Nov 13 23:48:29 UTC 2020: 

For about the last week several of us Grex users have been having
trouble connecting to Grex that seems to be dependent on the SSH
client we are using.

For example, although it worked fine last week and I have not 
knowingly made any changes on my side, I now cannot connect from 
my Puppy Linux system where I'm using OpenSSH 6.6.1p1. But I can 
connect from Windows (PuTTY), SDF (OpenSSH 8.0p1), and my 
Android tablet (ConnectBot 1.9.6-oss).

I will try updating OpenSSH, but has something changed on the 
server that might be disagreeing with some clients?

8 responses total.


#1 of 8 by papa on Sun Nov 15 23:57:01 2020: 

rak reported a work-around on party. I haven't tried it yet, but others 
have with success.

     rak: right, so I looked into it (ssh -vvv grex.org) and the 
     connection hangs at "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY". 
     rak: after some googling, I found a work-around: explicitly specify 
     a non ecdh cipher. For example, the following works: 
     ssh -c aes256-gcm@openssh.com grex.org

#2 of 8 by kentn on Mon Nov 16 01:52:23 2020: 

Yes, I've seen that solution, as well.  That's where the connection
hung up for me.  I think it might do with the length of the cipher
value, possibly and reconstructing that over the network.
Usually ssh tries to find a cipher in agreement on both sides of
the connection.  And that could come out with something that doesn't
work.

#3 of 8 by papa on Mon Nov 16 23:21:37 2020:

This response has been erased.


#4 of 8 by papa on Mon Nov 16 23:23:35 2020: 

Cause of the problem: resp:agora:4:219

#5 of 8 by papa on Mon Nov 16 23:29:10 2020: 

For your information, I tried deleting grex.org from my .ssh/known_hosts file
(on my client PC) in case the connection problem was caused by a mismatch
between the key saved in my known_hosts and the servers new network
configuration, but it had no effect.

#6 of 8 by kentn on Wed Nov 18 02:22:24 2020: 

Yes, that would be true, most likely (no effect) unless Grex changed it's
information, in which case, ssh would complain.
 
I'm just sticking with an MTU that works, currently.  If I get more time
to mess around with it, I'll try other solutions.

#7 of 8 by papa on Wed Nov 18 06:55:37 2020: 

I succeeded in connecting to Grex from my Puppy Linux system by 1) installing
OpenSSH 8.4p1, AND 2) using rak's work-around "ssh -c aes256-gcm@openssh.com
papa@grex.org". 

Updating OpenSSH by itself had no effect. Using rak's work-around with the
old OpenSSH 6.6.1p1 had no effect.

#8 of 8 by kentn on Wed Nov 18 13:02:33 2020: 

Thanks for the update!  I've got OpenSSH_7.8p1 on the one that was
having issues connecting.  I have 8.4p1 in ports.  Will try some of this
when I have a chance.

Response not possible - You must register and login before posting.

No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss