Post by Chris Townley
Not sure if I am being silly, but I now have 2 nodes running tcpware
(TCPware(R) V6.0-0 Copyright (c) Process Software, OpenVMS version V8.4-2L1)
I have only enabled ssh2 connections.
If I connect from PC I connect fine, but if I connect from VMS, I get
the key exchange error
warning: Could not read private key DKA100:[TOWNLEYC.SSH2]ID_RSA_MERLIN
and I get prompted for password.
SSH2.DIR;1 [CCT,TOWNLEYC] (RWE,RWE,RE,E)
ID_RSA_MERLIN.;2 [CCT,TOWNLEYC] (RW,RW,,)
ID_RSA_MERLIN.PUB;2 [CCT,TOWNLEYC] (RWED,RWED,RE,R)
Seems OK to me, so I must be missing something.
Any suggestions?
Chris
Sounds like a configuration error to me. Try SSH/DEBUG=4 and look for the following section:
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:65: kex_algorithms = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:66: host_key_algorithms = x509v3-ecdsa-sha2-nistp521,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp256,x509v3-ssh-dss,x509v3-ssh-rsa,x509v3-rsa2048-sha256,x509v3-sign-dss,x509v3-sign-rsa,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa2048-sha256,ssh-dss,ssh-rsa
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:67: ciphers_c_to_s = aes128-***@openssh.com,aes256-***@openssh.com,aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,none
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:68: ciphers_s_to_c = aes128-***@openssh.com,aes256-***@openssh.com,aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,none
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:69: macs_c_to_s = hmac-sha2-256,hmac-sha2-512,hmac-sha256,hmac-sha1,hmac-md5,none
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:70: macs_s_to_c = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,none
debug: (08:19:56)Ssh2Client/SSHCLIENT.C;5:1819: Creating transport protocol.
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:115: client_wrap already have params
debug: (08:19:56)Ssh2Transport/TRCOMMON.C;6:4319: available kex algorithms:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug: (08:19:56)Ssh2Transport/TRCOMMON.C;6:4337: guessed kex ecdh-sha2-nistp256, host key x509v3-ecdsa-sha2-nistp521
debug: (08:19:56)SshProtoTrKex/TRKEX.C;4:1017: have SshKexType object for ecdh-sha2-nistp256
Also, make sure that both systems have recent SSHB patches.
- Correct an error in Group Exchange Key Exchange for group 18.
SSHB_V602P040 ECO Rank 3 8-Jul-2019
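
Added example, not part of either post and not TCPware code: a small Python script that reads SSH/DEBUG=4 output in the format shown above (rejoining lines the terminal wrapped mid-token), extracts the algorithm proposals, and reports which fields share no algorithm with a peer's proposal. The peer list and log text are constructed, and the "first client algorithm the server also lists" rule is a simplification of RFC 4253 section 7.1, which for key exchange also weighs host key compatibility.

```python
import re

# Matches proposal lines such as
# "debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:65: kex_algorithms = a,b,c"
PROPOSAL = re.compile(r"^debug: \(\d\d:\d\d:\d\d\)\S+: (\w+) = (\S+)$")

def parse_proposals(log_text):
    """Return {field: [algorithms]} from SSH/DEBUG=4 output."""
    records = []
    for line in log_text.splitlines():
        if line.startswith("debug:") or not records:
            records.append(line.strip())
        else:
            # Wrapped continuation: glue it back onto the previous record.
            records[-1] += line.strip()
    proposals = {}
    for record in records:
        m = PROPOSAL.match(record)
        if m:
            proposals[m.group(1)] = m.group(2).split(",")
    return proposals

def negotiate(client, server):
    """Per field, the first client algorithm the server also lists (None = no overlap)."""
    chosen = {}
    for field, algs in client.items():
        offered = set(server.get(field, []))
        chosen[field] = next((a for a in algs if a in offered), None)
    return chosen

# Constructed sample: client lines in the thread's format, wrapped mid-token,
# and a hypothetical peer proposal. Neither comes from the poster's systems.
CLIENT_LOG = """\
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:65: kex_algorithms = ecdh-sha2-nistp256,diffie-hellman
-group14-sha1,diffie-hellman-group1-sha1
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:67: ciphers_c_to_s = aes128-ctr,aes256-ctr,3des-cbc
debug: (08:19:56)Ssh2Trans/SSHTRANS.C;2:69: macs_c_to_s = hmac-sha2-256,hmac-sha1
debug: (08:19:56)Ssh2Client/SSHCLIENT.C;5:1819: Creating transport protocol.
"""
PEER = {"kex_algorithms": ["curve25519-sha256", "diffie-hellman-group16-sha512"],
        "ciphers_c_to_s": ["aes256-ctr", "aes128-ctr"],
        "macs_c_to_s": ["hmac-sha2-512", "hmac-sha2-256"]}

if __name__ == "__main__":
    for field, alg in negotiate(parse_proposals(CLIENT_LOG), PEER).items():
        print(f"{field}: {alg or 'NO COMMON ALGORITHM'}")
```

A field reported with no common algorithm is where the two nodes' configurations need to be reconciled.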