[Info-vax] 3par ssh connection
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon May 20 10:54:59 EDT 2019
On 2019-05-20 09:57:41 +0000, mepetya said:
> My problem is that I can't access 3par CLI interface with ssh.
> We use OpenVMS 8.4 on IA64 and HP TCP/IP v5.7 ECO5.
> ...
> debug(18-APR-2019 10:31:33.75): SshUnixTcp/SSHUNIXTCP.C:1758: using
> local hostname igeza.apeh.local
You're squatting in an RFC-reserved domain.
> debug(18-APR-2019 10:31:33.76): Ssh2Common/SSHCOMMON.C:541: local ip =
> 10.21.1.39, local port = 49163
> debug(18-APR-2019 10:31:33.76): Ssh2Common/SSHCOMMON.C:543: remote ip =
> xx.xx.xx.xx, remote port = 22
> debug(18-APR-2019 10:31:33.76): SshConnection/SSHCONN.C:2584: Wrapping...
> debug(18-APR-2019 10:31:33.76): SshReadLine/SSHREADLINE.C:3662:
> Initializing ReadLine...
> debug(18-APR-2019 10:31:43.75): Remote version: SSH-2.0-OpenSSH_6.6.1p1
> Debian-4~bpo70+1
> debug(18-APR-2019 10:31:43.76): OpenSSH: Major: 6 Minor: 6 Revision: 1
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:1857: All
> versions of OpenSSH handle kex guesses incorrectly.
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:1935: Using
> Client order for common key exchange algorithms.
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:1139: Sending
> packet with type 2 to connection
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:1139: Sending
> packet with type 20 to connection
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:2832: >TR
> packet_type=20
> debug(18-APR-2019 10:31:43.76): Ssh2Transport/TRCOMMON.C:2123:
> Algorithm negotiation failed for c_to_s_mac: client list:
> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96 vs. server list :
> hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-ripemd160-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128 at openssh.com
>
> debug(18-APR-2019 10:31:43.77): Ssh2Transport/TRCOMMON.C:2123:
> Algorithm negotiation failed for s_to_c_mac: client list:
> hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96 vs. server list :
> hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-ripemd160-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128 at openssh.com
>
> debug(18-APR-2019 10:31:43.77): Ssh2Transport/TRCOMMON.C:2394: lang s
> to c: `', lang c to s: `'
> debug(18-APR-2019 10:31:43.77): Ssh2Transport/TRCOMMON.C:2410: Couldn't
> agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host_key =
> ssh-dss)
> debug(18-APR-2019 10:31:43.77): Ssh2Transport/TRCOMMON.C:1139: Sending
> packet with type 2 to connection
> debug(18-APR-2019 10:31:43.78): Ssh2Transport/TRCOMMON.C:1139: Sending
> packet with type 1 to connection
> debug(18-APR-2019 10:31:43.78): Ssh2Common/SSHCOMMON.C:180: DISCONNECT
> received: Algorithm negotiation failed.
> debug(18-APR-2019 10:31:43.78): SshReadLine/SSHREADLINE.C:3728:
> Uninitializing ReadLine...
> warning: Authentication failed.
> debug(18-APR-2019 10:31:43.78): Ssh2/SSH2.C:327: locally_generated = TRUE
> Disconnected; key exchange or algorithm negotiation failed (Algorithm
> negotiation failed.).
Ring up HPE Support and confirm that you have the current ssh patch.
You'll want V5.7-ECO5D or V5.7-ECO5F or later; the labeling on some of
the patches was a little odd.
Access to this and other patches does require support, either from HPE or VSI.
As you're on HPE OpenVMS I64 V8.4, you could choose to acquire licenses
and support for and migrate to VSI OpenVMS I64 V8.4-2L1. This as HPE
is entirely exiting the new-patches business in ~19 months.
VSI are in the midst of replacing the TCP/IP Services IP stack with a
fork of the Process Multinet IP stack, but the folks at VSI do also
have the current HPE TCP/IP Services ssh patch available for folks
running the VSI OpenVMS releases.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list