[Info-vax] VMS SSH2 - tcpip$ssh_ssh-keygen2.exe (Couldn't agree on kex or hostkey alg)

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Fri May 26 15:12:42 EDT 2023


On 2023-05-26 14:17:03 +0000, HCorte said:

> On Friday, 26 May 2023 at 10:02:39 UTC+1, Single Stage to Orbit wrote:
>> On Thu, 2023-05-25 at 13:54 -0700, Bob Gezelter wrote:
>>>    KexAlgorithms +diffie-hellman-group1-sha1
>>>    HostKeyAlgorithms +ssh-dss
>>>    Ciphers +aes128-cbc
>> I'd be delighted if VSI updated OpenSSH to enable ed25519. I live in
>> hope some day :-D
>> --
>> Tactical Nuclear Kittens

OpenSSH version 6.5 and later offer ed25519, and—per the release 
notes—the OpenVMS version does support ed25519.

The OpenVMS OpenSSH port does not support ed25519-sk keys, which is 
related to FIDO / U2F authentication.  Which would be nice to have, yes.

> yes @Bob the problem is in the server side,

The problem is with the OpenVMS server and with its administration.

> We tried to connect in another machine unix that has the version 7 of 
> ssh and it worked well, so now will be installed that version in the 
> final unix machine with a different port so the problem will be fixed as 
> was suggested here, thanks for all the feedback.

Old systems can and will fall behind, and network connections and 
services will fail as peers are kept (more) current. Inevitably.

> yes @Craig not gonna install a new version of ssh in OpenVMS machine 
> don't know what kind of problems could/would arise from that and have 0 
> experience in installing any software in VMS...

SSH connection downgrade scripts have gotten posted here on occasion. 
I've posted a template sethost shell script for macOS and other Unix 
and Linux platforms. That script allows systems with newer ssh easier 
access into outdated OpenVMS ssh configurations, and to outdated iLO 
ssh configurations. And easier telnet access, for those here connecting 
to the antediluvian stuff.

https://groups.google.com/g/comp.os.vms/c/DhT_TWepPJ8/m/ReiPhF25CAAJ

While previous OpenVMS régimes were sometimes slow to push out patches 
for SSH and TLS, VSI has been better about that.

From the HP era, TCP/IP Services V5.7-ECO5 or later will probably work 
here, too. That patch became available in 2014.

An OpenVMS Alpha server in production in 2023 should be running 
V8.4-2L1 or -2L2, with a plan underway to migrate to OpenVMS x86-64, or 
a plan to port the apps to Linux, Windows, or otherwise, or a plan to 
retire the server and its apps entirely.

Otherwise, and to paraphrase an aphorism from another context, if you 
look around the table and don't know who the designated scapegoat is, 
it's probably you.


-- 
Pure Personal Opinion | HoffmanLabs LLC 
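
An added example, not part of the original post or of the sethost script it links to: a POSIX shell function that turns the OpenSSH client's negotiation-failure messages into a Host-scoped ssh_config stanza, so the legacy algorithms quoted above are enabled for one outdated peer only rather than for every connection. The alias legacy-vms, the address 192.0.2.10 and the sample error lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: map OpenSSH client negotiation failures to the ssh_config
# keyword that governs each one, and emit a stanza limited to a single host.

# stanza_for_failure ALIAS   (reads collected ssh stderr on stdin)
stanza_for_failure() {
    alias_name=$1
    printf 'Host %s\n' "$alias_name"
    # The client reports one failure per attempt, in the form:
    #   Unable to negotiate with H port P: no matching <what> found. Their offer: a,b
    sed -n 's/^Unable to negotiate with .*: no matching \(.*\) found\. Their offer: \(.*\)$/\1|\2/p' |
    while IFS='|' read -r what offer; do
        case $what in
            'key exchange method') key=KexAlgorithms ;;
            'host key type')       key=HostKeyAlgorithms ;;
            'cipher')              key=Ciphers ;;
            'MAC')                 key=MACs ;;
            *) continue ;;   # unrecognised failure: emit nothing
        esac
        # A leading "+" appends to the client's defaults instead of
        # replacing them, so modern algorithms stay preferred.
        printf '    %s +%s\n' "$key" "$offer"
    done
}

# Constructed sample: stderr gathered from three successive failed attempts
# against one outdated server (hypothetical address).
SAMPLE='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc'

# Review the stanza before appending it to ~/.ssh/config.
printf '%s\n' "$SAMPLE" | stanza_for_failure legacy-vms
```

An algorithm the local client no longer ships cannot be re-enabled this way; `ssh -Q kex`, `ssh -Q key` and `ssh -Q cipher` list what the installed client supports.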



