[Info-vax] VMS SSH2 - tcpip$ssh_ssh-keygen2.exe (Couldn't agree on kex or hostkey alg)
HCorte
hmmbcorte at gmail.com
Wed May 31 06:45:09 EDT 2023
On Sunday, 28 May 2023 at 02:15:35 UTC+1, kemain... at gmail.com wrote:
> > -----Original Message-----
> > From: Info-vax <info-vax... at rbnsn.com> On Behalf Of Stephen
> > Hoffman via Info-vax
> > Sent: Friday, May 26, 2023 4:13 PM
> > To: info... at rbnsn.com
> > Cc: Stephen Hoffman <seao... at hoffmanlabs.invalid>
> > Subject: Re: [Info-vax] VMS SSH2 - tcpip$ssh_ssh-keygen2.exe (Couldn't agree
> > on kex or hostkey alg)
> >
> > On 2023-05-26 14:17:03 +0000, HCorte said:
> >
> > > On Friday, 26 May 2023 at 10:02:39 UTC+1, Single Stage to
> > > Orbit wrote:
> > >> On Thu, 2023-05-25 at 13:54 -0700, Bob Gezelter wrote:
> > >> > > KexAlgorithms +diffie-hellman-group1-sha1
> > >> > > HostKeyAlgorithms +ssh-dss
> > >> > > Ciphers +aes128-cbc
> > >> I'd be delighted if VSI updated OpenSSH to enable ed25519. I live in
> > >> hope some day :-D
> > >> --
> > >> Tactical Nuclear Kittens
> >
> > OpenSSH version 6.5 and later offer ed25519, and—per the release notes—
> > the OpenVMS version does support ed25519.
> >
> > The OpenVMS OpenSSH port does not support ed25519-sk keys, which is
> > related to FIDO / U2F authentication. Which would be nice to have, yes.
> >
> > > yes @Bob the problem is in the server side,
> >
> > The problem is with the OpenVMS server and with its administration.
> >
> > > We tried to connect in another machine unix that has the version 7 of
> > > ssh and it worked well, so now will be installed that version in the
> > > final unix machine with a different port so the problem will be fixed
> > > as was suggested here, thanks for all the feedback.
> >
> > Old systems can and will fall behind, and network connections and services will
> > fail as peers are kept (more) current. Inevitably.
> >
> One option to address this is to adopt the commercial SSH package from Process Software.
> <https://www.process.com/products/ssh/>
>
> Supports
> - OpenVMS VAX 5.5-2 or higher
> - OpenVMS Alpha 6.2 or higher
> - OpenVMS Integrity 8.2 or higher
>
> ** Runs on any version of TCP/IP Services supported by HPE or VSI
>
> Can also get a free evaluation kit from Process Software.
> > > yes @Craig not gonna install a new version of ssh in OpenVMS machine
> > > don't know what kind of problems could/would arise from that and have
> > > 0 experience in installing any software in VMS...
> >
> > SSH connection downgrade scripts have gotten posted here on occasion.
> > I've posted a template sethost shell script for macOS and other Unix and Linux
> > platforms. That script allows systems with newer ssh easier access into
> > outdated OpenVMS ssh configurations, and to outdated iLO ssh
> > configurations. And easier telnet access, for those here connecting to the
> > antediluvian stuff.
> >
> > https://groups.google.com/g/comp.os.vms/c/DhT_TWepPJ8/m/ReiPhF25CAAJ
> >
> > While previous OpenVMS régimes were sometimes slow to push out patches
> > for SSH and TLS, VSI has been better about that.
> >
> > From the HP era, TCP/IP Services V5.7-ECO5 or later will probably work here,
> > too. That patch became available in 2014.
> >
> > An OpenVMS Alpha server in production in 2023 should be running
> > V8.4-2L1 or -2L2, with a plan underway to migrate to OpenVMS x86-64, or a
> > plan to port the apps to Linux, Windows, or otherwise, or a plan to retire the
> > server and its apps entirely.
> >
> > Otherwise, and to paraphrase an aphorism from another context, if you look
> > around the table and don't know who the designated scapegoat is, it's
> > probably you.
> >
> Regards,
>
> Kerry Main
> Kerry dot main at starkgaming dot com
It seems that besides the changes made to /etc/ssh/sshd_config (KEX, ciphers, MACs),
it was also necessary to change /etc/sysconfig/sshd and uncomment the line
CRYPTO_POLICY=
From there it worked even with ssh v8 on the server, so it was the /etc/sysconfig/sshd file that was missing that change to fix it.
Files that needed to be changed to make it work:
/etc/ssh/sshd_config
/etc/sysconfig/sshd
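
An added example, not part of the original post or of any vendor tooling: a shell audit that reports whether the CRYPTO_POLICY= line in the sysconfig file is uncommented and which of the legacy algorithms named in this thread sshd_config enables, so hosts carrying this compatibility change can be tracked. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the two files named in the post. Paths are passed as
# arguments so copies can be checked; the sample files at the bottom are constructed.

# Legacy algorithm names quoted earlier in the thread.
LEGACY='diffie-hellman-group1-sha1 ssh-dss aes128-cbc'

# Print "optout" if an uncommented CRYPTO_POLICY= line exists, else "system".
policy_state() {  # $1 = sysconfig file
    if grep -Eq '^[[:space:]]*CRYPTO_POLICY=' "$1" 2>/dev/null; then
        echo optout
    else
        echo system
    fi
}

# Print "Directive:algorithm" for each legacy algorithm enabled in sshd_config.
# Handles "Keyword value" lines only (not "Keyword=value" or Match blocks).
legacy_enabled() {  # $1 = sshd_config file
    for alg in $LEGACY; do
        awk -v alg="$alg" '
            /^[ \t]*#/ { next }                       # skip comments
            tolower($1) ~ /^(kexalgorithms|hostkeyalgorithms|ciphers|macs)$/ {
                if (substr($2, 1, 1) == "-") next     # "-list" removes algorithms
                list = $2; sub(/^[+^]/, "", list)     # "+"/"^" add to the defaults
                n = split(list, a, ",")
                for (i = 1; i <= n; i++) if (a[i] == alg) print $1 ":" alg
            }' "$1"
    done
}

audit() {  # $1 = sshd_config, $2 = sysconfig file
    state=$(policy_state "$2")
    echo "crypto-policy: $state"
    legacy_enabled "$1" | while read -r hit; do
        echo "legacy algorithm enabled: $hit"
    done
}

# With two arguments audit those files; otherwise run on constructed samples.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
else
    d=$(mktemp -d)
    printf 'KexAlgorithms +diffie-hellman-group1-sha1\n# Ciphers +aes128-cbc\n' > "$d/sshd_config"
    printf 'CRYPTO_POLICY=\n' > "$d/sshd"
    audit "$d/sshd_config" "$d/sshd"
    rm -rf "$d"
fi
```

Run it as `sh audit.sh /etc/ssh/sshd_config /etc/sysconfig/sshd` on the Unix host; every reported line is a deviation from the distribution defaults that should be recorded and removed once the OpenVMS side is updated.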