Opened 10 years ago
Closed 8 years ago
#270 closed defect (fixed)
Winswitch unable to connect over ssh from MS Windows to server running openssh 6.7
Reported by: | dfeldstern | Owned by: | dfeldstern |
---|---|---|---|
Priority: | critical | Milestone: | 0.12 |
Component: | Global | Keywords: | |
Cc: |
Description
After upgrading a linux server to openssh 6.7, I'm no longer able to connect to it from MS Windows (winswitch 0.12.20). In the server's log I see "fatal: Unable to negotiate a key exchange method [preauth]". I have no trouble connecting to the server via putty.
It seems that this is a twisted-conch issue: http://twistedmatrix.com/trac/ticket/7672
However, I assume that even once that's fixed, some work will be required on winswitch's part, too, even if only to create a new build; so opening a ticker here, too.
Change History (14)
comment:1 Changed 10 years ago by
Milestone: | → 0.12 |
---|---|
Owner: | set to Antoine gmail |
Priority: | major → critical |
Status: | new → accepted |
comment:2 Changed 10 years ago by
Thanks for the quick response! Just to clarify -- AFAICT this hasn't been fixed yet in twisted itself...
I know that the following idea probably makes absolutely no sense, but just throwing it out there because of my interest in #190 (see comment 5 there) : given the backwards-incompatibilities in twisted, would it make any sense to switch to paramiko for ssh?
comment:3 Changed 10 years ago by
Another problem with moving to paramiko is that the current code uses the twisted deferred, and I'm not sure how to convert that to paramiko without using threads.. and threads are hard to get right.
Also, I don't have time. Patches are most welcome though!
comment:4 Changed 10 years ago by
This affects Debian Jessie because they carry OpenSSH 6.7 by default.
I have found no other way to fix this other than forward-porting OpenSSH 6.6 from Wheezy.
comment:5 Changed 9 years ago by
Still no resolution... twisted conch is not used much then.
(and I still don't have time to try to move back to paramiko or something else)
PITA.
comment:6 Changed 9 years ago by
Adding this to sshd_config worked for me on Debian 8:
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
comment:7 Changed 9 years ago by
I got this on Ubuntu 15.04 (OpenSSH 6.7). I had to add diffie-hellman-group1-sha1
to KexAlgorithms? and hmac-sha1
to MACs.
However, we do need a new Windows build with the latest Twisted as OpenSSH 6.9 has dropped support for the old key exchange message so Windows clients can no longer connect.
Twisted finally supports the new message (RFC4419, March 2006) since v15.5.0 (November 2015): https://twistedmatrix.com/trac/ticket/8100
comment:8 Changed 9 years ago by
OK, I'll make a new build in the coming weeks.
Similar to #285: Ubuntu Trusty uses an old version of Twisted conch, which has the same issue. (nothing we can do to fix that one)
comment:9 Changed 9 years ago by
I've just done this for xpra: we overwrite the newer Plink.exe at install time if we detect Windows XP: http://xpra.org/trac/ticket/1095.
(the default is the new Plink, which is win7 onwards only)
comment:11 Changed 9 years ago by
Bump
I spent a few days trying to build it myself and failed. Issues with gstreamer not working with python 2.7 and left with a winswitch build that doesn't run (quits immediately).
comment:13 Changed 8 years ago by
comment:14 Changed 8 years ago by
Owner: | changed from Antoine gmail to dfeldstern |
---|---|
Status: | accepted → assigned |
As per http://lists.devloop.org.uk/pipermail/shifter-users/2016-April/001507.html, the latest RC builds should be good.
If this works for you, please close the ticket.
comment:15 Changed 8 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Latest build works for me, thanks.
Thanks for the pointer, it does look like this will require a new build - which could be tricky because last time I looked at it, there were backwards incompatible changes in Twisted 10 or 11..