Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 04-22-2019, 11:37 PM
peng19832 peng19832 is offline
Registered User
 
Join Date: Apr 2019
Posts: 3
Exclamation After upgrading to openssh 8.0, cannot connect to the Linux host using SecureCRT

Such as the title.
When I upgraded openssh to version 8.0 on centos 7.6, I was unable to connect to the host through SecureCRT 8.5. However, from other Linux hosts, ssh can be used to connect normally.

Env:
CentOS 7.6
openssl:1.1.1b(Compile args:-fPIC shared zlib-dynamic)
openssh:8.0(Compile args:--prefix=/usr --sysconfdir=/etc/ssh --with-ssl --with-pam --with-zlib --with-md5-passwords)

CRT trace:
[PRINTER] : Printer initialization succeeded
[LOCAL] : SSH2Core version 8.5.0.1867
[LOCAL] : Connecting to 127.0.0.1:7122 ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_8.0'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp521
[LOCAL] : Available Remote Host Key Algos = rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT
[LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash hex): 4c:1c:2a:f7:2e:dc:9a:bd:1d:90:2e:14:b4:b3:6e:72:ec:6b:08:a3:a2:28:0e:44:84:5e:67:07:3b:56:19:dd
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash base64): TBwq9y7cmr0dkC4UtLNucuxrCKOiKA5EhF5nBztWGd0
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): 49:ce:0f:14:57:87:26:df:0d:18:5a:e0:9e:0c:e3:da:ca:bd:2a:bd
[LOCAL] : RECV: Remote Hostkey (MD5 hash): bb:2d:f7:97:62:4f:1e:fb:bc:a1:b4:32:fd:2c:4d:bf
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_NEWKEYS_RECEIVED
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
SecureCRT - Version 8.5.3 (x64 build 1867)
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_NEWKEYS_RECEIVED to STATE_CONNECTION
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : Authenticating as user root
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SEND: Disconnect packet: The user canceled authentication.
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : Connected for 17 seconds, 1826 bytes sent, 2517 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NO_AUTO_RECONNECT] : The user canceled authentication.

[PRINTER] : Printer initialization succeeded
[LOCAL] : SSH2Core version 8.5.0.1867
[LOCAL] : Connecting to 127.0.0.1:7122 ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_8.0'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp521
[LOCAL] : Available Remote Host Key Algos = rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT
SecureCRT - Version 8.5.3 (x64 build 1867)
[LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash hex): 4c:1c:2a:f7:2e:dc:9a:bd:1d:90:2e:14:b4:b3:6e:72:ec:6b:08:a3:a2:28:0e:44:84:5e:67:07:3b:56:19:dd
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash base64): TBwq9y7cmr0dkC4UtLNucuxrCKOiKA5EhF5nBztWGd0
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): 49:ce:0f:14:57:87:26:df:0d:18:5a:e0:9e:0c:e3:da:ca:bd:2a:bd
[LOCAL] : RECV: Remote Hostkey (MD5 hash): bb:2d:f7:97:62:4f:1e:fb:bc:a1:b4:32:fd:2c:4d:bf
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : Authenticating as user root
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
[LOCAL] : SEND[0]: Pty Request (rows: 44, cols: 232)
[LOCAL] : RECV[0]: pty request succeeded
[LOCAL] : SEND[0]: shell request
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_CONNECTION to STATE_CLOSED
[LOCAL] : Discarding invalid state change from STATE_CLOSED to STATE_ALMOST_CLOSED.
[LOCAL] : Connected for 0 seconds, 2018 bytes sent, 3237 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : The operation completed successfully.
Reply With Quote
  #2  
Old 04-23-2019, 08:25 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,997
Hi peng19832,

My suspicion on the cause surrounds this line:

[LOCAL] : Selected Recv Mac = hmac-sha2-512

In the Connection / SSH2 / Advanced category of Session Options, if you move hmac-sha2-256 above hmac-sha2-512 (and make sure it's enabled), what are the results?

If that does not fix the issue, please post or attach a log from your success case from ssh with -vvv as part of the command-line. Or, if you don't want to post it in the forums, send to support@vandyke.com and include "Attn Brenda - Forum Thread #13511" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 04-24-2019, 05:48 AM
peng19832 peng19832 is offline
Registered User
 
Join Date: Apr 2019
Posts: 3
Exclamation

Quote:
Originally Posted by bgagnon View Post
Hi peng19832,

My suspicion on the cause surrounds this line:

[LOCAL] : Selected Recv Mac = hmac-sha2-512

In the Connection / SSH2 / Advanced category of Session Options, if you move hmac-sha2-256 above hmac-sha2-512 (and make sure it's enabled), what are the results?

If that does not fix the issue, please post or attach a log from your success case from ssh with -vvv as part of the command-line. Or, if you don't want to post it in the forums, send to support@vandyke.com and include "Attn Brenda - Forum Thread #13511" in the subject line.
Thanks for your reply.
I can't use SecureCRT to connect to the server after adjusting the order according to the method in the email.

The following is the trace information of SecureCRT:
[PRINTER] : Printer initialization succeeded
[LOCAL] : SSH2Core version 8.5.0.1867
[LOCAL] : Connecting to 127.0.0.1:7122 ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_8.0'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
[LOCAL] : Available Remote Host Key Algos = rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128...cm@openssh.com
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT
[LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash hex): a4:0b:ef:b8:2a:81:7d:41:61:18:e2:58:1c:cc:d7:b3:58:7a:a5:c8:ba:83:71:52:c3:00:95:9e:80:df:04:49
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash base64): pAvvuCqBfUFhGOJYHMzXs1h6pci6g3FSwwCVnoDfBEk
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): 54:0d:57:d4:06:b4:d8:be:a3:2f:67:d5:50:45:bc:4f:eb:6b:67:ff
[LOCAL] : RECV: Remote Hostkey (MD5 hash): e7:39:f7:b7:9c:22:23:6c:b1:5f:d6:75:83:c3:e3:e5
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : Authenticating as user root
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
[LOCAL] : SEND[0]: Pty Request (rows: 45, cols: 233)
[LOCAL] : RECV[0]: pty request succeeded
[LOCAL] : SEND[0]: shell request
SecureCRT - Version 8.5.3 (x64 build 1867)
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_CONNECTION to STATE_CLOSED
[LOCAL] : Discarding invalid state change from STATE_CLOSED to STATE_ALMOST_CLOSED.
[LOCAL] : Connected for 0 seconds, 1946 bytes sent, 3165 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : The operation completed successfully.

The following is the normal connection from other CentOS via ssh -vvv:
[root@testvm00 ~]# ssh -vvv 10.10.10.71
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.10.71 [10.10.10.71] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 864 bytes for a total of 885
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 909
debug2: dh_gen_key: priv key bits set: 143/320
debug2: bits set: 1033/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1181
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 10.10.10.71
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts2
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 10.10.10.71
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts2
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: host 10.10.10.71 filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.10.10.71 filename /etc/ssh/ssh_known_hosts
debug2: no key of type 3 for host 10.10.10.71
The authenticity of host '10.10.10.71 (10.10.10.71)' can't be established.
RSA key fingerprint is e7:39:f7:b7:9c:22:23:6c:b1:5f:d6:75:83:c3:e3:e5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.71' (RSA) to the list of known hosts.
debug2: bits set: 978/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1197
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1249
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug3: Wrote 68 bytes for a total of 1317
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@10.10.10.71's password:
debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1465
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 1601
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 460 bytes for a total of 2061
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Wed Apr 24 12:21:29 2019 from 10.10.10.71

I am still in the cmd on windows, try to connect via ssh -vvv, failed:
C:\Users\Lee>ssh -vvv -p 7122 root@127.0.0.1
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/Lee/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 7122.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Lee/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Lee/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Lee/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Lee/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:7122 as 'root'
debug3: put_host_port: [127.0.0.1]:7122
debug3: hostkeys_foreach: reading file "C:\\Users\\Lee/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\Lee/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:7122
debug3: Failed to open file:C:/Users/Lee/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128...cm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2yZy64LOu3ym/Aqa+iPlIJ3QtrEaPXbe3sR5hnOneWc
debug3: put_host_port: [127.0.0.1]:7122
debug3: put_host_port: [127.0.0.1]:7122
debug3: hostkeys_foreach: reading file "C:\\Users\\Lee/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\Lee/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:7122
debug3: Failed to open file:C:/Users/Lee/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '[127.0.0.1]:7122' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\Lee/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug2: key: C:\\Users\\Lee/.ssh/id_rsa (0000000000000000)
debug2: key: C:\\Users\\Lee/.ssh/id_dsa (0000000000000000)
debug2: key: C:\\Users\\Lee/.ssh/id_ecdsa (0000000000000000)
debug2: key: C:\\Users\\Lee/.ssh/id_ed25519 (0000000000000000)
debug2: key: C:\\Users\\Lee/.ssh/id_xmss (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\Lee/.ssh/id_rsa
debug3: no such identity: C:\\Users\\Lee/.ssh/id_rsa: No such file or directory
debug1: Trying private key: C:\\Users\\Lee/.ssh/id_dsa
debug3: no such identity: C:\\Users\\Lee/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\\Users\\Lee/.ssh/id_ecdsa
debug3: no such identity: C:\\Users\\Lee/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\\Users\\Lee/.ssh/id_ed25519
debug3: no such identity: C:\\Users\\Lee/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\\Users\\Lee/.ssh/id_xmss
debug3: no such identity: C:\\Users\\Lee/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
root@127.0.0.1's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 127.0.0.1 ([127.0.0.1]:7122).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug3: Successfully set console output code page from:936 to 65001
debug3: Successfully set console input code page from:936 to 65001
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)

debug3: Successfully set console output code page from 65001 to 936
debug3: Successfully set console input code page from 65001 to 936
Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
Transferred: sent 1752, received 2232 bytes, in 0.1 seconds
Bytes per second: sent 13480.6, received 17173.9
debug1: Exit status -1
Reply With Quote
  #4  
Old 04-24-2019, 08:52 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,997
Hi peng19832,

I responded to the email you sent to support.

I noticed since then that you do get authenticated in your SecureCRT connection.

It's when SecureCRT sends the shell request, that SecureCRT receives the TCP/IP close:

[LOCAL] : SEND[0]: shell request
SecureCRT - Version 8.5.3 (x64 build 1867)
[LOCAL] : RECV: TCP/IP close

I think you will need to see if you can get the remote server admins to analyze the server debug logs and tell you what the issue is.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 04-24-2019, 08:57 AM
peng19832 peng19832 is offline
Registered User
 
Join Date: Apr 2019
Posts: 3
Ok, I will reply by email later, thank you.
Reply With Quote
  #6  
Old 04-25-2019, 10:02 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,997
Hi all,

So this turned out to be a really strange issue limited to VMWare. Here's what our developers had to say:

The issue only appears to happen when connecting to the OpenSSH server via a VMWare port forward (forwarding from the host machine to the Linux VM). The issue occurs when connecting with SecureCRT, Putty and the Windows SSH client, as well as SFTP connections from SecureFX and WinSCP.
We advised the customer to report this behavior to OpenSSH and/or VMWare.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply

Tags
connect failed


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:29 AM.