Hosting Provided By

Re: OpenSSH_3.5p1 server, PC clients cannot connect

From: John Mendenhall <john(at)surfutopia.net>
Date: Thu Feb 20 2003 - 19:14:19 EST

Ben,

> It would be helpful if you could post somewhere a run of sshd -d -d -d
> for each version. Also disable compression and try it.
>
> SunOS 4.1.4 falls under those bad/missing mmap() platforms.

I have included a run of sshd -d -d -d for both WS_FTP Pro 7.62 and CuteFTP Pro v3 below my signature. I have also include the client messages while debugging on the client side.

I had PrivSep and Compression disabled for these runs. I also fixed my host keys pub files (they were incorrect, thanks Greg!).

However, it appears I still have some sort of problem. The WS_FTP client does not ask the user to save the keys. Is it supposed to? And, when the CuteFTP actually gets the keys, it drops the connection.

Perhaps my keys are bad? I believe the sshd is not accessing my pub keys. When I do a ls -laurt on my keys, they have not been accessed for two days?

% ls -laurt ssh_host*
-rw-r--r--    1 root     wheel         221 Feb 18 22:03 ssh_host_rsa_key.pub
-rw-r--r--    1 root     wheel         330 Feb 18 22:03 ssh_host_key.pub
-rw-r--r--    1 root     wheel         601 Feb 18 22:03 ssh_host_dsa_key.pub
-rw-------    1 root     wheel         887 Feb 20 15:48 ssh_host_rsa_key
-rw-------    1 root     wheel         526 Feb 20 15:48 ssh_host_key
-rw-------    1 root     wheel         668 Feb 20 15:48 ssh_host_dsa_key

Perhaps the server is looking elsewhere for my public keys. How do I find out or configure this information?

Do you need help?

Any other ideas?

Thank you in advance for your assistance.

JohnM

-- 
John Mendenhall
john@surfutopia.net
surf utopia
internet services



-----  sftp logs  -----


-------
WS_FTP 7.62

*** client window/dialog box after attempting to connect:
Failed SSH Key Exchange
ssh transport closed

% sudo /usr/local/sbin/sshd -u0 -d -d -d
debug3: RNG is ready, skipping seeding
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 209.76.14.67 port 1323
debug1: Client protocol version 2.0; client software version WS_FTP-7.62-2002.12.18
debug1: no match: WS_FTP-7.62-2002.12.18
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 176/384
debug1: bits set: 1633/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1607/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
Connection closed by 209.76.14.67
debug1: Calling cleanup 0x2f438(0x0)
%


-------
CuteFTP

client asked to save keys
user hits yes
gets error message in dialog box:
error = #0
can't connect to sanmarcos.surfutopia.net

client messages:

*** CuteFTP Pro 3.0 - build Nov  4 2002 ***

STATUS:> Getting listing "/home/city"...
STATUS:> Initializing SFTP21 module...
STATUS:> Resolving host name sanmarcos.surfutopia.net...
STATUS:> Host name sanmarcos.surfutopia.net resolved: ip = 66.27.49.27.
STATUS:> Connecting to sftp server sanmarcos.surfutopia.net:22 (ip = 66.27.49.27)...
ERROR:>  A timeout occurred.
ERROR:>  Can't connect to sanmarcos.surfutopia.net:22. SFTP21 error = #0.
STATUS:> SFTP21 connection closed.

server messages:

% sudo /usr/local/sbin/sshd -u0 -d -d -d
debug3: RNG is ready, skipping seeding
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 209.76.14.67 port 1335
debug1: Client protocol version 1.99; client software version 1.0
debug1: no match: 1.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 177/384
debug1: bits set: 536/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 499/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
Don't know where to look next? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x2f438(0x0)
%

Received on Thu Feb 20 19:20:26 2003

This message: [ Message body ]
Next message: Peter Richard: "Re: scp2 standard error in cron script"
Previous message: qing.lu(at)kodak.com: "make x.509 certificate authentication work with ssh"
In reply to Ben Lindstrom: "Re: OpenSSH_3.5p1 server, PC clients cannot connect"
Next in thread: John Mendenhall: "Re: OpenSSH_3.5p1 server, some PC clients cannot connect"
Reply: John Mendenhall: "Re: OpenSSH_3.5p1 server, some PC clients cannot connect"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:54 EDT