[Info-vax] SSH from VMS to 3Par

Jan-Erik Söderholm jan-erik.soderholm at telia.com
Sun Oct 10 17:02:12 EDT 2021 

Den 2021-10-10 kl. 22:40, skrev pcoviello at gmail.com:
> On Wednesday, October 6, 2021 at 3:19:25 PM UTC-4, Dave Froble wrote:
>> On 10/6/2021 12:26 PM, Stephen Hoffman wrote:
>>> On 2021-10-06 16:13:02 +0000, pcov... at gmail.com said:
>>>
>>>> On Wednesday, October 6, 2021 at 11:12:30 AM UTC-4, Stephen Hoffman
>>>> wrote:
>>>>> On 2021-10-06 15:06:49 +0000, pcov... at gmail.com said:
>>>>>
>>>>>> has anybody done this successfully and how?
>>>>>>
>>>>>> evidently the ciphers on both systems can't agree and close the
>>>>>> connection. is it doable if I have a key on both systems that I've
>>>>>> generated on my pc? and if so where do I place it on VMS? the 3Par
>>>>>> has an add option.
>>>>>
>>>>> If you're not on V5.7 ECO5c or higher (ECO5o is current on Itanium,
>>>>> and ECO5c is per-call on Alpha), get there, and try ssh again.
>>>>>
>>>>> If things fail then, use ssh -vvvvvv and check the results of the
>>>>> negotiation for the key exchange and the cipher from what is
>>>>> available on both ends of whichever version of 3PAR and OpenVMS
>>>>> you're using here.
>>>>
>>>> thanks I'll look for it, why didn't anyone from VSI recommend this
>>>> when I called it in. sigh
>>>> I'm on VSI I64VMS TCPIP V5.7-13ECO5B and I have the latest SSH patch
>>>> too.
>>>
>>> Why doesn't OpenVMS itself notify the system administrator^Wmanager that
>>> the server is down-revision? Sigh. Alas, we all get to track this
>>> manually, or with our own tooling. VSI does have some new tool arriving
>>> here, though details are sparse.
>>>
>>> One VSI ssh patch featured an interesting collection of directions, and
>>> the installation instructions were, well, in conflict with the provided
>>> files. That boo-boo won't hit your case here, though.
>>>
>>> Fetch ECO5o from the VSI patch server if that's not already installed,
>>> and try ssh again.
>> After applying ECO5O I was able to access via SFTP systems with the
>> latest encryption. At least for a couple of weeks until newer stuff
>> gets used.
>>
>> :-)
>>> Then ssh -vvvvv and check for the details of the negotiation failure, if
>>> an error arises.
>>>
>>>
>>>
>>
>>
>> --
>> David Froble Tel: 724-529-0450
>> Dave Froble Enterprises, Inc. E-Mail: da... at tsoft-inc.com
>> DFE Ultralights, Inc.
>> 170 Grimplin Road
>> Vanderbilt, PA 15486
> 
> PRODUCT                              KIT TYPE    OPERATION   VAL DATE
> ------------------------------------ ----------- ----------- --- -----------
> VSI I64VMS TCPIP_PAT V5.7-ECO5O      Patch       Install     Val 10-OCT-2021
> 
> installed the latest and same results  sigh
> 
> $ ssh 3paradm at 10.128.20.13
> warning: Authentication failed.
> Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
> 
> 
> 
> $ ssh 3paradm at 10.128.20.13 -v
> debug(10-OCT-2021 16:31:40.80): Connecting to 10.128.20.13, port 22... (SOCKS not used)
> debug(10-OCT-2021 16:31:40.80): Ssh2/SSH2.C:2897: Entering event loop.
> debug(10-OCT-2021 16:31:40.81): Ssh2Client/SSHCLIENT.C:1666: Creating transport protocol.
> debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "hostbased" to usable methods.
> debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "publickey" to usable methods.
> debug(10-OCT-2021 16:31:40.81): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "password" to usable methods.
> debug(10-OCT-2021 16:31:40.81): Ssh2Client/SSHCLIENT.C:1707: Creating userauth protocol.
> debug(10-OCT-2021 16:31:40.81): client supports 3 auth methods: 'hostbased,publickey,password'
> debug(10-OCT-2021 16:31:40.81): SshUnixTcp/SSHUNIXTCP.C:1758: using local hostname facst1.ccsusa.com
> debug(10-OCT-2021 16:31:40.81): Ssh2Common/SSHCOMMON.C:541: local ip = 10.128.18.15, local port = 49182
> debug(10-OCT-2021 16:31:40.81): Ssh2Common/SSHCOMMON.C:543: remote ip = 10.128.20.13, remote port = 22
> debug(10-OCT-2021 16:31:40.81): SshConnection/SSHCONN.C:2601: Wrapping...
> debug(10-OCT-2021 16:31:40.81): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
> debug(10-OCT-2021 16:31:40.81): Remote version: SSH-2.0-OpenSSH_7.5p1 Debian-5
> debug(10-OCT-2021 16:31:40.81): OpenSSH: Major: 7 Minor: 5 Revision: 0
> debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:1876: All versions of OpenSSH handle kex guesses incorrectly.
> debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:1954: Using Client order for common key exchange algorithms.
> debug(10-OCT-2021 16:31:40.81): Ssh2Transport/TRCOMMON.C:3631: local kexinit: kex algs = diffie-hellman-group14-sha1,diffie-hellman-
> group1-sha1
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 2 to connection
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 20 to connection
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2854: >TR packet_type=20
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2197: Computing algorithms from key exchange.
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2260: client: kex = diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,
>   hk_alg = ssh-dss,ssh-rsa,x509v3-sign-dss,x509v3-sign-rsa
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2262: server: kex = diffie-hellman-group-exchange-sha256, hk_alg = ssh-rsa,
> rsa-sha2-512,rsa-sha2-256
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2142: Algorithm negotiation failed for c_to_s_mac: client list: hmac-sha1,h
> mac-sha1-96,hmac-md5,hmac-md5-96 vs. server list : hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sh
> a2-256
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2142: Algorithm negotiation failed for s_to_c_mac: client list: hmac-sha1,h
> mac-sha1-96,hmac-md5,hmac-md5-96 vs. server list : hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sh
> a2-256
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2413: lang s to c: `', lang c to s: `'
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:2429: Couldn't agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host
> _key = ssh-rsa)
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 2 to connection
> debug(10-OCT-2021 16:31:40.82): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 1 to connection
> debug(10-OCT-2021 16:31:40.82): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Algorithm negotiation failed.
> debug(10-OCT-2021 16:31:40.82): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...
> warning: Authentication failed.
> debug(10-OCT-2021 16:31:40.82): Ssh2/SSH2.C:331: locally_generated = TRUE
> Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
> 
> debug(10-OCT-2021 16:31:40.82): Ssh2Client/SSHCLIENT.C:1742: Destroying client.
> debug(10-OCT-2021 16:31:40.82): SshConfig/SSHCONFIG.C:2949: Freeing pki. (host_pki != NULL, user_pki = NULL)
> debug(10-OCT-2021 16:31:40.82): SshConnection/SSHCONN.C:2653: Destroying SshConn object.
> debug(10-OCT-2021 16:31:40.82): Ssh2Client/SSHCLIENT.C:1810: Destroying client completed.
> debug(10-OCT-2021 16:31:40.82): SshAuthMethodClient/SSHAUTHMETHODC.C:109: Destroying authentication method array.
> debug(10-OCT-2021 16:31:40.82): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global SshRegex context.
> debug(10-OCT-2021 16:31:40.82): SshConfig/SSHCONFIG.C:2949: Freeing pki. (host_pki = NULL, user_pki = NULL)
> 
> $
> 


Just asking...
What is the reason that you *need* to access the 3Par system from VMS?
Cannot the 3Par system be accessed directly from your desktop system?

More information about the Info-vax mailing list