[Info-vax] ssh client connection issue to VMS
pcoviello at gmail.com
pcoviello at gmail.com
Tue Jan 25 14:03:24 EST 2022
we are trying to get TN3270 to work with a small subset of ciphers and macs since we didn't do well in an audit.
the problem
TN3270 doesn't connect and I get a error code 7 cipher is unsupported.
Putty works fine, SSH from my pc works.
here is the VMS output in the log file pointing to the connection
debug(25-JAN-2022 13:31:02.07): Remote version: SSH-2.0-TN3270Plus_4.0.7
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:1954: Using Client order for common key exchange algorithms.
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:2073: Constructing the first key exchange packet.
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3631: local kexinit: kex algs = diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3658: local kexinit: host key algs = ssh-dss
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3666: local kexinit: ciphers c to s = aes256-ctr,aes192-ctr,aes128-ctr,aes2
56-cbc
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3674: local kexinit: ciphers s to c = aes256-ctr,aes192-ctr,aes128-ctr,aes2
56-cbc
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3680: local kexinit: macs c to s = hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1
-96
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3686: local kexinit: macs s to c = hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1
-96
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3692: local kexinit: compressions c to s = none,zlib
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3698: local kexinit: compressions s to c = none,zlib
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:3708: local kexinit: first_packet_follows = FALSE
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:1261: Outgoing empty, sending empty ignore packet.
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 2 to connection
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:1154: Sending packet with type 20 to connection
debug(25-JAN-2022 13:31:02.07): Ssh2Transport/TRCOMMON.C:2961: Getting a SSH_MSG_KEXINIT packet from connection.
debug(25-JAN-2022 13:31:04.70): Ssh2Transport/TRCOMMON.C:2961: Getting a SSH_MSG_KEXINIT packet from connection.
debug(25-JAN-2022 13:31:04.70): Ssh2Transport/TRCOMMON.C:2854: >TR packet_type=1
debug(25-JAN-2022 13:31:04.71): Ssh2Transport/TRCOMMON.C:2558: Processing received SSH_MSG_DISCONNECT
debug(25-JAN-2022 13:31:04.71): Ssh2Transport/TRCOMMON.C:1300: Disconnecting: reason code: 11 message: 'Unsupported cipher'
debug(25-JAN-2022 13:31:04.71): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Unsupported cipher
Tue 25 13:31:04 INFORMATIONAL: Remote host disconnected: Unsupported cipher
debug(25-JAN-2022 13:31:04.71): Sshd2/SSHD2.C:760: locally_generated = FALSE
Tue 25 13:31:04 INFORMATIONAL: disconnected by application in remote: 'Unsupported cipher'
debug(25-JAN-2022 13:31:04.71): SshServer/SSHSERVER.C:317: Destroying server.
debug(25-JAN-2022 13:31:04.71): SshConfig/SSHCONFIG.C:2949: Freeing pki. (host_pki != NULL, user_pki != NULL)
debug(25-JAN-2022 13:31:04.71): SshCertCMi/CMI.C:454: Free certificate manager.
SDI has had no suggestions as to what to do,
I've also the ciphers to the latest that VSI has put out or at least at the time.
I'm running 8.4-1H1 VSI I64VMS TCPIP V5.7-13ECO5F
anyone have any other thoughts?
and yes I have created a new config file also and generated new keys.
thanks
Paul
More information about the Info-vax
mailing list