[Info-vax] SSH from VMS to 3Par

pcoviello at gmail.com pcoviello at gmail.com
Sun Oct 10 16:40:49 EDT 2021 

On Wednesday, October 6, 2021 at 3:19:25 PM UTC-4, Dave Froble wrote:
> On 10/6/2021 12:26 PM, Stephen Hoffman wrote: 
> > On 2021-10-06 16:13:02 +0000, pcov... at gmail.com said: 
> > 
> >> On Wednesday, October 6, 2021 at 11:12:30 AM UTC-4, Stephen Hoffman 
> >> wrote: 
> >>> On 2021-10-06 15:06:49 +0000, pcov... at gmail.com said: 
> >>> 
> >>>> has anybody done this successfully and how? 
> >>>> 
> >>>> evidently the ciphers on both systems can't agree and close the 
> >>>> connection. is it doable if I have a key on both systems that I've 
> >>>> generated on my pc? and if so where do I place it on VMS? the 3Par 
> >>>> has an add option. 
> >>> 
> >>> If you're not on V5.7 ECO5c or higher (ECO5o is current on Itanium, 
> >>> and ECO5c is per-call on Alpha), get there, and try ssh again. 
> >>> 
> >>> If things fail then, use ssh -vvvvvv and check the results of the 
> >>> negotiation for the key exchange and the cipher from what is 
> >>> available on both ends of whichever version of 3PAR and OpenVMS 
> >>> you're using here. 
> >> 
> >> thanks I'll look for it, why didn't anyone from VSI recommend this 
> >> when I called it in. sigh 
> >> I'm on VSI I64VMS TCPIP V5.7-13ECO5B and I have the latest SSH patch 
> >> too. 
> > 
> > Why doesn't OpenVMS itself notify the system administrator^Wmanager that 
> > the server is down-revision? Sigh. Alas, we all get to track this 
> > manually, or with our own tooling. VSI does have some new tool arriving 
> > here, though details are sparse. 
> > 
> > One VSI ssh patch featured an interesting collection of directions, and 
> > the installation instructions were, well, in conflict with the provided 
> > files. That boo-boo won't hit your case here, though. 
> > 
> > Fetch ECO5o from the VSI patch server if that's not already installed, 
> > and try ssh again.
> After applying ECO5O I was able to access via SFTP systems with the 
> latest encryption. At least for a couple of weeks until newer stuff 
> gets used. 
> 
> :-)
> > Then ssh -vvvvv and check for the details of the negotiation failure, if 
> > an error arises. 
> > 
> > 
> > 
> 
> 
> --
> David Froble Tel: 724-529-0450 
> Dave Froble Enterprises, Inc. E-Mail: da... at tsoft-inc.com 
> DFE Ultralights, Inc. 
> 170 Grimplin Road 
> Vanderbilt, PA 15486

PRODUCT                              KIT TYPE    OPERATION   VAL DATE
------------------------------------ ----------- ----------- --- -----------
VSI I64VMS TCPIP_PAT V5.7-ECO5O      Patch       Install     Val 10-OCT-2021

installed the latest and same results  sigh

$ ssh 3paradm at 10.128.20.13
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).



$ ssh 3paradm at 10.128.20.13 -v
debug(10-OCT-2021 16:31:40.80): Connecting to 10.128.20.13, port 22... (SOCKS not used)
debug(10-OCT-2021 16:31:40.80): Ssh2/SSH2.C:2897: Entering event loop.
debug(10-OCT-2021 16:31:40.81): Ssh2Client/SSHCLIENT.C:1666: Creating transport protocol.
debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "hostbased" to usable methods.
debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "publickey" to usable methods.
debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "password" to usable methods.
debug(10-OCT-2021 16:31:40.81): Ssh2Client/SSHCLIENT.C:1707: Creating userauth protocol.
debug(10-OCT-2021 16:31:40.81): client supports 3 auth methods: 'hostbased,publickey,password'
debug(10-OCT-2021 16:31:40.81): SshUnixTcp/SSHUNIXTCP.C:1758: using local hostname facst1.ccsusa.com
debug(10-OCT-2021 16:31:40.81): Ssh2Common/SSHCOMMON.C:541: local ip = 10.128.18.15, local port = 49182
debug(10-OCT-2021 16:31:40.81): Ssh2Common/SSHCOMMON.C:543: remote ip = 10.128.20.13, remote port = 22
debug(10-OCT-2021 16:31:40.81): SshConnection/SSHCONN.C:2601: Wrapping...
debug(10-OCT-2021 16:31:40.81): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
debug(10-OCT-2021 16:31:40.81): Remote version: SSH-2.0-OpenSSH_7.5p1 Debian-5
debug(10-OCT-2021 16:31:40.81): OpenSSH: Major: 7 Minor: 5 Revision: 0
debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:1876: All versions of OpenSSH handle kex guesses incorrectly.
debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:1954: Using Client order for common key exchange algorithms.
debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:3631: local kexinit: kex algs = diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 2 to connection
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 20 to connection
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2854: >TR packet_type=20
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2197: Computing algorithms from key exchange.
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2260: client: kex = diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,
 hk_alg = ssh-dss,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2262: server: kex = diffie-hellman-group-exchange-sha256, hk_alg = ssh-rsa,
rsa-sha2-512,rsa-sha2-256
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2142: Algorithm negotiation failed for c_to_s_mac: client list: hmac-sha1,h
mac-sha1-96,hmac-md5,hmac-md5-96 vs. server list : hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sh
a2-256
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2142: Algorithm negotiation failed for s_to_c_mac: client list: hmac-sha1,h
mac-sha1-96,hmac-md5,hmac-md5-96 vs. server list : hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sh
a2-256
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2413: lang s to c: `', lang c to s: `'
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2429: Couldn't agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host
_key = ssh-rsa)
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 2 to connection
debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 1 to connection
debug(10-OCT-2021 16:31:40.82): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Algorithm negotiation failed.
debug(10-OCT-2021 16:31:40.82): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...
warning: Authentication failed.
debug(10-OCT-2021 16:31:40.82): Ssh2/SSH2.C:331: locally_generated = TRUE
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).

debug(10-OCT-2021 16:31:40.82): Ssh2Client/SSHCLIENT.C:1742: Destroying client.
debug(10-OCT-2021 16:31:40.82): SshConfig/SSHCONFIG.C:2949: Freeing pki. (host_pki != NULL, user_pki = NULL)
debug(10-OCT-2021 16:31:40.82): SshConnection/SSHCONN.C:2653: Destroying SshConn object.
debug(10-OCT-2021 16:31:40.82): Ssh2Client/SSHCLIENT.C:1810: Destroying client completed.
debug(10-OCT-2021 16:31:40.82): SshAuthMethodClient/SSHAUTHMETHODC.C:109: Destroying authentication method array.
debug(10-OCT-2021 16:31:40.82): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global SshRegex context.
debug(10-OCT-2021 16:31:40.82): SshConfig/SSHCONFIG.C:2949: Freeing pki. (host_pki = NULL, user_pki = NULL)

$

More information about the Info-vax mailing list