Discussion:
[X2Go-User] ssh kex error
i***@k4ts.net
2015-10-19 13:12:43 UTC
Hi, I'm not able to connect
to my new hardened Gentoo server using x2go.

No matter which key type I select for the connection,
the client (v. 4.0.5.0) terminates with the following:

kex error : no match for method server host key algo:
server [ssh-rsa,ssh-ed25519], client [ecdsa-sha2-nistp256]

I have rsa and ed25519 keys on my client and server.

Sshing from the shell works like always. Log is attached.

Do you have an idea what might be wrong?

thx,
k4t

***@e10 ~ $ ssh ***@host
OpenSSH_6.9p1-hpn14v5, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to host.net port 51822.
debug1: Connection established.
debug1: identity file /home/k4tfish/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/k4tfish/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1-hpn14v5
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.9p1-hpn14v5
debug1: match: OpenSSH_6.9p1-hpn14v5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to host...net:51822 as 'k4tfish'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'chacha20-***@openssh.com'
debug1: kex: server->client chacha20-***@openssh.com <implicit>
none
debug1: REQUESTED ENC.NAME is 'chacha20-***@openssh.com'
debug1: kex: client->server chacha20-***@openssh.com <implicit>
none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:xyz
debug1: Host '[host.net]:51822' is known and matches the ED25519 host
key.
debug1: Found key in /home/k4tfish/.ssh/known_hosts:203
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/k4tfish/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to host ([123.123.456.7]:51822).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-***@openssh.com
want_reply 0
debug1: Sending environment.
debug1: Sending env LC_COLLATE = C
debug1: Sending env LANG = en_US.utf8
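
The mismatch in the error above, worked through as an added example (not part of the original post and not X2Go or libssh code): SSH uses the first algorithm in the client's list that the server also offers, and refuses the connection when the two lists share nothing. The function names are hypothetical, the rule is simplified from RFC 4253 section 7.1, and the sample line is the error from the post joined onto one line.

```shell
#!/bin/sh
# Added example: host key algorithm selection, simplified to
# "first entry in the client's list that the server also lists".

# negotiate_hostkey CLIENT_LIST SERVER_LIST  (both comma-separated)
# Prints the chosen algorithm and returns 0, or returns 1 on no overlap.
negotiate_hostkey() {
    client=$1
    server=$2
    old_ifs=$IFS
    IFS=,
    for algo in $client; do
        case ",$server," in
            *",$algo,"*) IFS=$old_ifs; printf '%s\n' "$algo"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# parse_kex_error LINE
# Prints "CLIENT_LIST SERVER_LIST" taken from the bracketed lists in the
# error message format quoted in the post.
parse_kex_error() {
    printf '%s\n' "$1" | sed -n \
        's/.*server \[\([^]]*\)], client \[\([^]]*\)].*/\2 \1/p'
}

# explain_kex_error LINE
# Prints a verdict; returns 1 on no overlap, 2 if the line does not parse.
explain_kex_error() {
    lists=$(parse_kex_error "$1")
    [ -n "$lists" ] || { echo "unparsed"; return 2; }
    client=${lists%% *}
    server=${lists#* }
    if chosen=$(negotiate_hostkey "$client" "$server"); then
        echo "match: $chosen"
    else
        echo "no overlap: client offers [$client], server has [$server]"
        return 1
    fi
}

# Error text from the post, joined onto one line.
sample='kex error : no match for method server host key algo: server [ssh-rsa,ssh-ed25519], client [ecdsa-sha2-nistp256]'
explain_kex_error "$sample" || true
```
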
i***@k4ts.net
2015-10-19 15:37:59 UTC
the new version of openssh disabled certain insecure
ciphers...
Version7 is what you mean. I use 6.9 on both client and server.
you can add
the following line to your /etc/ssh/sshd_config manually enable the
KexAlgorithms
Adding these ciphers doesn't help - same algo error.

That's weird coz I can ssh to the server without any issues.
Josep Manel Andrés Moscardó
2018-11-13 14:49:14 UTC
Hi,
I have a connection to a x2go server (slurm login node) that works fine,
but my issue is that when I open a terminal and try to ssh into a node
it just hangs until it times out.

Is there any restriction for it?

I am connecting to the x2go server using password or ssh key, and trying
to ssh to the node using ssh key or password, it doesn't matter.

Thanks.
Stefan Baur
2018-11-13 15:14:49 UTC
Using a key file isn't trivial in this situation. I would suggest
making your first attempts using a regular username/password combination.

First, try pinging the destination server from within the X2Go session.

If you can't ping it, the problem might not be with SSH but with an
underlying network (mis)configuration. Running traceroute and looking
at/posting the output can't hurt, either.

Also, crank up the verbosity level of the ssh client inside the X2Go
session like so:

ssh -vvv ***@host

You might also want to try to ping with larger packet sizes, like so:

ping -s 1500 host

If a regular ping works, but it fails when specifying "-s 1500", it
might be an MTU issue. Start decreasing the number until you can get a
successful ping through, then set the MTU on the interface to that value.

-Stefan
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
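
The size search described in the reply above, automated as an added example (not part of the original post): a binary search over the ping payload size instead of decreasing by hand. The Don't Fragment option (`-M do`, Linux iputils ping), the 28 bytes of IPv4 and ICMP header added to turn a payload size into an MTU, and all function and host names are assumptions of this example; `fake_probe` is a constructed stand-in so the search runs without a network.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that passes unfragmented,
# then convert it to an IPv4 MTU.

# Default probe: one echo request with Don't Fragment set.
# Succeeds only if SIZE bytes of payload fit through the path.
probe_ping() {  # probe_ping HOST SIZE
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# largest_payload PROBE HOST [LOW] [HIGH]
# PROBE is any command taking HOST and SIZE. Prints the largest size in
# [LOW, HIGH] for which PROBE succeeds; returns 1 if even LOW fails
# (host unreachable, so the problem is not the MTU).
largest_payload() {
    probe=$1 host=$2 low=${3:-0} high=${4:-1472}
    "$probe" "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# payload_to_mtu SIZE: add 20 bytes IPv4 header + 8 bytes ICMP header.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Constructed stand-in for a path with MTU 1400 (payload limit 1372).
fake_probe() {  # fake_probe HOST SIZE
    [ "$2" -le 1372 ]
}

size=$(largest_payload fake_probe example-node) && \
    echo "payload $size -> MTU $(payload_to_mtu "$size")"
# Against a real host: largest_payload probe_ping <node>
```
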
Josep Manel Andrés Moscardó
2018-11-13 16:30:09 UTC
That was exactly it.... Thanks a lot.

It was weird, since I would say that I had it working before, and I
don't remember any change going on in the infrastructure.

But thanks a lot.
--
Josep Manel Andrés Moscardó
Systems Engineer, IT Operations
EMBL Heidelberg
T +49 6221 387-8394