Date: Wed, 24 Jul 2002 12:33:25 -0700 (PDT)
From: twig les <twigles@yahoo.com>
To: Peter Pentchev <roam@ringlet.net>
Cc: freebsd-security@freebsd.org
Subject: SSH problem (was ssh cipher)
Message-ID: <20020724193325.92208.qmail@web10107.mail.yahoo.com>
In-Reply-To: <20020724182612.GC31448@straylight.oblivion.bg>

Well the problem isn't ssh.com vs openssh.  I sshed from the pos box to my sniffer and got in, but couldn't ssh back again.  This is the verbose output from the session from the pos to the sniffer:

<snip>
# ssh -v -v -v -l snort 10.x.x.x
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
Contains Cisco Secure Intrusion Detection System modifications. Domestic strength encryption. (k9).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to 10.20.0.124 [10.20.0.124] port 922.
debug: Allocated local port 1023.
debug: Connection established.
debug: identity file /root/.ssh/identity type 3
debug: identity file /root/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 FreeBSD localisations 20010713
debug: match: OpenSSH_2.3.0 FreeBSD localisations 20010713 pat ^OpenSSH_2\.3\.0
debug: Local version string SSH-1.5-OpenSSH_2.5.1p2
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
<snip>
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
snort@10.x.x.x's password:
<snip>

But when sshing back, I got the following:

%ssh -c 3des-cbc -v -v -v 10.20.0.90
SSH Version OpenSSH_2.3.0 FreeBSD localisations 20010713, protocol versions 1.5/2.0.
Compiled with SSL (0x0090601f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug: Connecting to (null) [10.20.0.90] port 22.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x8058204(0x0)
<snip>

Things I've ruled out:

Incompatibility with ssh.com and openssh (can ssh from sniffer to ssh.com boxes).
Wrong user
Wrong listening port
Unallowed source IP (I can telnet in, but not SSH)
Wrong cipher - it's using 3des

Am I destined to bang my head on the desk and load Warcraft 3?

--- Peter Pentchev <roam@ringlet.net> wrote:
> On Wed, Jul 24, 2002 at 11:02:09AM -0700, twig les wrote:
> > All, I have a POS box running an old version of
> > openssh (not allowed to upgrade it, sigh).  Right now
> > our jumpoff point is running ssh.com software and gets
> > the following error immediately:
> >
> > ssh 1.1.1.1
> > warning: Authentication failed.
> > Disconnected; connection lost (Connection closed.).
> >
> > I've tried specifying the user and even the port but I
> > think the problem may be that the openssh (2.5 I
> > think) may not be using the correct cipher.  How do I
> > check what cipher this guy is using?  Also, this box
> > has got to be logging the connection attempts
> > somewhere, but I haven't seen it.
>
> Does the ssh.com SSH client have something resembling
> the OpenSSH client's "-v" command-line option, and
> especially its "-v -v -v" functionality? :)
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> No language can express every thought unambiguously,
> least of all this one.

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------
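
Added example, not part of the original message and not OpenSSH code: a Python helper that reads a client "-v" trace like the two quoted above and reports the last handshake milestone reached, which shows whether the session ever got as far as choosing a cipher. The names diagnose, STAGES and FAILURE are hypothetical, and the two traces are abridged from the output in the message.

```python
import re

# Milestones of an OpenSSH 2.x client "-v" trace, in the order they occur.
# Patterns come from the debug lines quoted in the message above.
STAGES = [
    ("tcp_connected", re.compile(r"debug: Connection established")),
    ("banner_exchanged",
     re.compile(r"debug: Remote protocol version \S+, remote software version (.+)")),
    ("cipher_chosen", re.compile(r"debug: Encryption type: (\S+)")),
    ("authenticating", re.compile(r"debug: Doing \w+ authentication")),
]
FAILURE = re.compile(r"^ssh_exchange_identification: .+$", re.M)

# Both traces are abridged from the output quoted in the message.
WORKING = """\
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 FreeBSD localisations 20010713
debug: Local version string SSH-1.5-OpenSSH_2.5.1p2
debug: Encryption type: 3des
debug: Received encrypted confirmation.
debug: Doing password authentication.
"""
FAILING = """\
debug: Connecting to (null) [10.20.0.90] port 22.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
"""


def diagnose(trace):
    """Report the last milestone reached and whether a cipher was negotiated."""
    result = {"last_stage": None, "remote_version": None, "cipher": None}
    for name, pattern in STAGES:
        m = pattern.search(trace)
        if not m:
            break  # milestones are sequential; nothing later can have happened
        result["last_stage"] = name
        if name == "banner_exchanged":
            result["remote_version"] = m.group(1).strip()
        elif name == "cipher_chosen":
            result["cipher"] = m.group(1)
    err = FAILURE.search(trace)
    result["error"] = err.group(0) if err else None
    # Cipher selection happens only after both sides have sent a version banner.
    result["before_cipher_negotiation"] = result["last_stage"] in (None, "tcp_connected")
    return result


if __name__ == "__main__":
    for label, trace in (("pos -> sniffer", WORKING), ("sniffer -> pos", FAILING)):
        print(label, diagnose(trace))
```

On the second trace the helper stops at tcp_connected with no remote version banner recorded, so that connection was closed before any cipher was negotiated.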