[Info-vax] VMS SSH2 - tcpip$ssh_ssh-keygen2.exe (Couldn't agree on kex or hostkey alg)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri May 26 15:12:42 EDT 2023
On 2023-05-26 14:17:03 +0000, HCorte said:
> On Friday, 26 May 2023 at 10:02:39 UTC+1, Single Stage to Orbit wrote:
>> On Thu, 2023-05-25 at 13:54 -0700, Bob Gezelter wrote:
>>> KexAlgorithms +diffie-hellman-group1-sha1
>>> HostKeyAlgorithms +ssh-dss
>>> Ciphers +aes128-cbc
>>
>> I'd be delighted if VSI updated OpenSSH to enable ed25519. I live in
>> hope some day :-D
>> --
>> Tactical Nuclear Kittens
OpenSSH version 6.5 and later offer ed25519, and—per the release
notes—the OpenVMS version does support ed25519.
The OpenVMS OpenSSH port does not support ed25519-sk keys, which is
related to FIDO / U2F authentication. Which would be nice to have, yes.
> yes @Bob the problem is in the server side,
The problem is with the OpenVMS server and with its administration.
> We tried to connect in another machine unix that has the version 7 of
> ssh and it worked well, so now will be installed that version in the
> final unix machine with a different port so the problem will be fixed as
> was suggested here, thanks for all the feedback.
Old systems can and will fall behind, and network connections and
services will fail as peers are kept (more) current. Inevitably.
> yes @Craig not gonna install a new version of ssh in OpenVMS machine
> don't know what kind of problems could/would arise from that and have 0
> experience in installing any software in VMS...
SSH connection downgrade scripts have gotten posted here on occasion.
I've posted a template sethost shell script for macOS and other Unix
and Linux platforms. That script allows systems with newer ssh easier
access into outdated OpenVMS ssh configurations, and to outdated iLO
ssh configurations. And easier telnet access, for those here connecting
to the antediluvian stuff.
https://groups.google.com/g/comp.os.vms/c/DhT_TWepPJ8/m/ReiPhF25CAAJ
While previous OpenVMS régimes were sometimes slow to push out patches
for SSH and TLS, VSI has been better about that.
From the HP era, TCP/IP Services V5.7-ECO5 or later will probably work
here, too. That patch became available in 2014.
An OpenVMS Alpha server in production in 2023 should be running
V8.4-2L1 or -2L2, with a plan underway to migrate to OpenVMS x86-64, or
a plan to port the apps to Linux, Windows, or otherwise, or a plan to
retire the server and its apps entirely.
Otherwise, and to paraphrase an aphorism from another context, if you
look around the table and don't know who the designated scapegoat is,
it's probably you.
--
Pure Personal Opinion | HoffmanLabs LLC
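
Added example, not part of the original message and not the sethost script mentioned above: a Python helper that reads the negotiation failures a current OpenSSH client prints against an old server and emits a `Host`-scoped ssh_config stanza enabling only the legacy algorithms those failures call for, so the weaker settings quoted in the thread are not applied to every other host. The host name `vms.example.test`, the sample error lines and the supported-algorithm sets are constructed for illustration.

```python
import re

# Client failure category -> ssh_config keyword governing that negotiation.
OPTION_FOR = {
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}
FAILURE = re.compile(
    r"Unable to negotiate with \S+ port \d+: "
    r"no matching (?P<category>.+?) found\. Their offer: (?P<offer>\S+)"
)

def legacy_host_stanza(host, error_lines, client_supported):
    """Return a Host-scoped ssh_config block enabling only what the failures need.

    client_supported maps an option name to the algorithms the local client can
    still enable (e.g. gathered from `ssh -Q kex`, `ssh -Q key`, `ssh -Q cipher`).
    """
    needed = {}
    for line in error_lines:
        m = FAILURE.search(line)
        option = OPTION_FOR.get(m.group("category")) if m else None
        if option is None:
            continue
        # Keep the first offered algorithm this client can actually enable;
        # one per category is enough to complete the handshake.
        for alg in m.group("offer").split(","):
            if alg in client_supported.get(option, ()):
                needed.setdefault(option, alg)
                break
    lines = [f"Host {host}"]
    lines += [f"    {opt} +{needed[opt]}" for opt in OPTION_FOR.values() if opt in needed]
    return "\n".join(lines)

# Constructed sample input: failures from successive attempts against one old server.
SAMPLE_ERRORS = [
    "Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-dss",
    "Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc",
]
SAMPLE_SUPPORTED = {  # constructed; a real list comes from the local client
    "KexAlgorithms": {"diffie-hellman-group1-sha1"},
    "HostKeyAlgorithms": {"ssh-dss", "ssh-rsa"},
    "Ciphers": {"3des-cbc", "aes128-cbc"},
}

if __name__ == "__main__":
    print(legacy_host_stanza("vms.example.test", SAMPLE_ERRORS, SAMPLE_SUPPORTED))
```

An algorithm the local client no longer supports is left out of the stanza, since naming it in ssh_config would be rejected when the file is parsed.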