VSI OpenVMS Forum

The official board to discuss OpenVMS-related topics
https://forum.vmssoftware.com/

SSH-settings 9.2.1

https://forum.vmssoftware.com/viewtopic.php?f=1&t=8850

Page 1 of 1

SSH-settings 9.2.1

Posted: Tue Sep 19, 2023 2:52 am
by niklas
Hi,

Getting this problem when trying to connect from an old 8.4 installation to a new 9.2.1 server.

Code: Select all

warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
Log from 9.2.1 server

Code: Select all

Unable to negotiate with 192.168.91.85 port 0: no matching cipher found. Their offer: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
Tried several configs in SSHD_CONFIG. but with no luck, just results in ssh crashing when it receives a connection.
Anyone has any suggestions on how to get SSH on 9.2.1 to accept old & unsecure encryptions/algorithms ?

Re: SSH-settings 9.2.1

Posted: Wed Sep 20, 2023 4:12 pm
by dmjb
What modifications did you make to your SSHD_CONFIG file?

Re: SSH-settings 9.2.1

Posted: Thu Sep 21, 2023 2:52 am
by martinv
Just did a quick test from

Code: Select all

$ tcpip show version

  HP TCP/IP Services for OpenVMS Alpha Version V5.7
  on an AlphaServer 400 4/166 running OpenVMS V8.4

$ ssh x86vms
   warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
Updated TCPIP Services 5.7 to ECO5 and:

Code: Select all

$ tcpip show version

  HP TCP/IP Services for OpenVMS Alpha Version V5.7 - ECO 5
  on an AlphaServer 400 4/166 running OpenVMS V8.4

$ ssh x86vms

 Welcome to OpenVMS (TM) x86_64 Operating System, Version V9.2-1
system's password:

Authentication successful.
For completeness: After the update to ECO5 it has

Code: Select all

$ ssh -h
...
Supported ciphers:

  3des-cbc,aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,aes128-ctr,
blowfish-cbc,twofish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,
des-cbc@ssh.com,cast128-cbc,rc2-cbc@ssh.com,arcfour,none

Supported MAC algorithms:

  hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha256@ssh.com,
hmac-sha256-96@ssh.com,hmac-ripemd160@ssh.com,hmac-ripemd160-96@ssh.com,
hmac-tiger128@ssh.com,hmac-tiger128-96@ssh.com,hmac-tiger160@ssh.com,
hmac-tiger160-96@ssh.com,hmac-tiger192@ssh.com,hmac-tiger192-96@ssh.com,none

Re: SSH-settings 9.2.1

Posted: Thu Sep 21, 2023 3:16 am
by niklas
Can see that we are running ECO4 on the IA64 server, so updating it to ECO5 probably solves the problem then.
CanĀ“t really update it now since its our build/dev server, so guessing telnet/ftp have to do for now.
Thanks for all the help!
//Niklas
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/