I forgot - you may need to regenerate your keys with "ssh-keygen -A" after
modifying the server.
On Thu, Jan 26, 2017 at 10:38 PM, Dan Schmidt <helpdesk...@gmail.com> wrote:
> I am unsure what it is that makes ssh2dos so unstable for me - nobody else
> has this issue?
>
> I would like to answer Ulrich on how he can modify his Ubuntu server, but
> first, a warning: These algorithms were disabled because they are obsolete
> and insecure. Using a token based login, such as google-authenticator, may
> be advisable if your server is public facing.
>
> Firstly, add this to your server's /etc/ssh/sshd_config:
>
> KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha...@libssh.org,
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
> diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
> HostKeyAlgorithms +ssh-dss
>
> Then, make use of the -g option - it goes BEFORE your username in
> ssh2dos. You should now be able to connect.
>
> I do not know why simply adding +diffie-hellman-group1-sha1 doesn't work,
> it seems it should. Also, I was in a rush - I may be excluding some newer
> options - report back if you find/add them with success.
>
> -Dan
>
> On Thu, Jan 26, 2017 at 9:42 PM, Karen Lewellen <klewel...@shellworld.net>
> wrote:
>
>> Hi Bill,
>> While I appreciate your desire for wisdom, I feel rather sure my
>> specific situation will not apply to anyone else here most likely.
>> I use ssh2d386 to access at least one commercial shell, but those shell
>> services are maintained by others. I am not for example accessing my own
>> server.
>> If the servers you desire reaching are run by other people, give me an
>> example and I will try.
>> If my many years of computing has taught me anything is that the word
>> Personal is important for a reason.
>> Kare
>>
>>
>>
>> On Thu, 26 Jan 2017, William Dudley wrote:
>>
>> Karen,
>>>
>>> If you know how to get ssh2d386 to connect to a modern openssh, as on
>>> Ubuntu 16.04,
>>> please share the recipe with us!
>>>
>>> Thanks,
>>> Bill Dudley
>>>
>>>
>>> This email is free of malware because I run Linux.
>>>
>>> On Thu, Jan 26, 2017 at 9:10 PM, Karen Lewellen <
>>> klewel...@shellworld.net>
>>> wrote:
>>>
>>> Well, if you have given up no point in my sharing.
>>>> We use the same edition of Ubuntu, both with dreamhost who has my
>>>> office,
>>>> and here at shellworld.
>>>> While the latter requires me to make use of a few ssh2021b options, the
>>>> -g
>>>> option for example, I encounter no issues.
>>>> I am going to guess that things like machine speed, mine is a p3 with
>>>> allot of memory, impacts your situation.
>>>> nor, I would hope, your location in the world.
>>>> Sorry I did not notice your post before you abandoned the effort.
>>>> Kare
>>>>
>>>>
>>>>
>>>> On Fri, 27 Jan 2017, Ulrich Hansen wrote:
>>>>
>>>>
>>>> Am 26.01.2017 um 18:19 schrieb Karen Lewellen <klewel...@shellworld.net
>>>>> >:
>>>>>
>>>>>>
>>>>>> As I am presently writing this e-mail using ssh2d386 from the ssh2dos
>>>>>> package ssh2021b, perhaps I can help you troubleshoot.
>>>>>>
>>>>>>
>>>>> Hi Karen!
>>>>>
>>>>> I am using the exact same program and version.
>>>>>
>>>>> for the record, I am not using freedos, but the ms dos 7.10 package
>>>>>
>>>>>> mentioned on this list.
>>>>>> Still every day several times a day I connect to two different
>>>>>> servers
>>>>>> using this package.
>>>>>>
>>>>>>
>>>>> I guess your servers still run OpenSSH in versions earlier than 6.9.
>>>>>
>>>>> may I ask again what your issue is presently?
>>>>>
>>>>>>
>>>>>>
>>>>> Actually I have given up on it. I spent another day trying to get it to
>>>>> work, but without success.
>>>>>
>>>>> The problem is that I can’t connect to an Ubuntu 16.04 LTS server with
>>>>> OpenSSH 7.2.
>>>>>
>>>>> SSH2D386 gives the message:
>>>>>
>>>>> Expected KEX_DH_GEX_GROUP
>>>>> DH key exchange failed
>>>>>
>>>>> The server logs:
>>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: kex protocol
>>>>> error: type 30 seq 1 [preauth]
>>>>> Jan 27 00:02:22 ubuntu-VirtualBox sshd[2651]: error: Received
>>>>> disconnect from 192.168.1.110 port 645:3: Expected KEX_DH_GEX_GRO
>>>>>
>>>>> As I wrote I already had problems connecting to a Debian 8 server with
>>>>> OpenSSH 6.7.
>>>>> But there I could fix it with these lines in /etc/ssh/sshd_config on
>>>>> the
>>>>> server.
>>>>>
>>>>> Ciphers aes128-cbc
>>>>> KexAlgorithms diffie-hellman-group-exchange-sha1
>>>>> MACs hmac-sha1
>>>>> HostKeyAlgorithms ssh-css
>>>>>
>>>>> But in OpenSSH 7.2 this didn’t work.
>>>>>
>>>>> What else did I try?
>>>>>
>>>>> I tried to set MTU=576 in C:\FDOS\WATTCP.CFG.
>>>>>
>>>>> I tried to recompile OpenSSH.
>>>>> The first time with adding this line in in compat.c:
>>>>> { "SSHDOS*", SSH_OLD_DHGEX },
>>>>> The second time with this one:
>>>>> { "SSHDOS*", SSH_BUG_NOREKEY|SSH_BUG_FIRSTKEX },
>>>>>
>>>>> Both were not able to let SSH2D386 connect. It worked great with other
>>>>> SSH clients.
>>>>>
>>>>> The idea was that SSH2DOS uses code from PuTTY and there were already
>>>>> several exceptions in combat.c for old PuTTY versions. The reason
>>>>> seems to
>>>>> be that OpenSSH implemented RFC4419 and old PuTTY versions and SSH2DOS
>>>>> did
>>>>> not. See [1], [2].
>>>>>
>>>>> I even looked at the SSH2DOS source code. But I have no experience with
>>>>> OpenWatcom. I installed it but gave up, when I saw I also had to
>>>>> compile
>>>>> the WATT32 TCP/IP stack.
>>>>>
>>>>> SSH2DOS uses PuTTY code, which is also Free Software. So in theory it
>>>>> should be possible to replace the old PuTTY code with a more recent
>>>>> one.
>>>>>
>>>>> cheers
>>>>> Ulrich
>>>>>
>>>>>
>>>>> [1] https://forums.red-gate.com/viewtopic.php?f=198&t=78958
>>>>> [2] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>>> rfc4419.html
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>>> _______________________________________________
>>>>> Freedos-user mailing list
>>>>> Freedos-user@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>>
>>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Freedos-user mailing list
>>>> Freedos-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>>>
>>>>
>>>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Freedos-user mailing list
>> Freedos-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/freedos-user
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
