[Info-vax] TCPWare SSH client/server question

Michael C superseth369 at gmail.com
Mon Jan 25 14:53:18 EST 2021 

On Monday, January 11, 2021 at 8:47:30 AM UTC-5, Chris Townley wrote:
> On 11/01/2021 13:28, Richard Whalen wrote: 
> > On Thursday, January 7, 2021 at 9:04:02 AM UTC-5, Chris Townley wrote: 
> >> Not sure if I am being silly, but I now have 2 nodes running tcpware 
> >> (TCPware(R) V6.0-0 Copyright (c) Process Software, OpenVMS version V8.4-2L1) 
> >> I have only enabled ssh2 connections. 
> >> 
> >> If I connect from PC I connect fine, but if I connect from VMS, I get 
> >> the key exchange error 
> >> 
> >> warning: Could not read private key DKA100:[TOWNLEYC.SSH2]ID_RSA_MERLIN 
> >> 
> >> and I get prompted for password. 
> >> 
> >> Looking at the file protections: 
> >> 
> >> SSH2.DIR;1 [CCT,TOWNLEYC] (RWE,RWE,RE,E) 
> >> 
> >> ID_RSA_MERLIN.;2 [CCT,TOWNLEYC] (RW,RW,,) 
> >> ID_RSA_MERLIN.PUB;2 [CCT,TOWNLEYC] (RWED,RWED,RE,R) 
> >> 
> >> Seems OK to me, so I must be missing something. 
> >> 
> >> 
> >> Any suggestions? 
> >> 
> >> 
> >> Chris 
> > 
> > 
> > 
> > Sounds like a configuration error to me. Try SSH/DEBUG=4 and look for the following section: 
> > 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:65: kex_algorithms = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman 
> > -group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-g 
> > roup1-sha1 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:66: host_key_algorithms = x509v3-ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa 
> > -sha2-nistp256,x509v3-ssh-dss,x509v3-ssh-rsa,x509v3-rsa2048-sha256,x509v3-sign-dss,x509v3-sign-rsa,ecdsa-sha2-nistp521,ecdsa-sha2-ni 
> > stp384,ecdsa-sha2-nistp256,rsa2048-sha256,ssh-dss,ssh-rsa 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:67: ciphers_c_to_s = aes12... at openssh.com,aes25... at openssh.com,aes128-ctr,aes128-cbc,aes 
> > 192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,none 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:68: ciphers_s_to_c = aes12... at openssh.com,aes25... at openssh.com,aes128-ctr,aes128-cbc,aes 
> > 192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,none 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:69: macs_c_to_s = hmac-sha2-256,hmac-sha2-512,hmac-sha256,hmac-sha1,hmac-md5,none 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:70: macs_s_to_c = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,none 
> > debug: (08:19:56)Ssh2Client/SSHCLIENT.C;5:1819: Creating transport protocol. 
> > debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:115: client_wrap already have params 
> > debug: (08:19:56)Ssh2Transport/TRCOMMON.C;6:4319: available kex algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 
> > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,di 
> > ffie-hellman-group1-sha1 
> > debug: (08:19:56)Ssh2Transport/TRCOMMON.C;6:4337: guessed kex ecdh-sha2-nistp256, host key x509v3-ecdsa-sha2-nistp521 
> > debug: (08:19:56)SshProtoTrKex/TRKEX.C;4:1017: have SshKexType object for ecdh-sha2-nistp256 
> > 
> > Also, make sure that both systems have recent SSHB patches. 
> > - Correct an error in Group Exchange Key Exchange for group 18. 
> > SSHB_V602P040 ECO Rank 3 8-Jul-2019 
> >
> As I said further to this, I think the problem is due to it being an RSA 
> key - SSH2 client seems not to support RSA keys. Just the error message 
> is misleading - debug doesn't add to that. 
> 
> At least TCPWare is more up to date than TCP/IP services... 
> 
> 
> Chris

since TCPware is written for the VMS kernel and runs the fastest and is superior in functionality why not allow VSI to use
TCPware on VMS to replace UCX?

More information about the Info-vax mailing list