This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh 5.8p1 vs 5.5 on VPN (5.5 works, 5.6, 5.8 don't)


On Wed, Mar 9, 2011 at 11:35 AM, Mirko Vukovic wrote:
> I had a problem with ssh 5.6 or 5.8 connecting across a VPN. I solved
> it by going back to ssh 5.5.
>
> But I don't understand the reason why 5.8 or 5.6 do not work. Here's the story:
>
> Actors:
>  - laptop with cygwin 1.7 and openssh 5.8p1 on windows XP
>  - desktop with redhat EL linux 5 with openssh 4.3p2
>
> When the machines are on the LAN, I can ssh from one to the other.
>
> Not so when the laptop is connecting to the company network via a VPN.
>  - I can connect from the desktop to the laptop
>  - I cannot connect from the laptop to the desktop
>
> Here is the trace when connecting from laptop to desktop:
> OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011
> debug1: Reading configuration data /home/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to a.b.c.d [a.b.c.d] port 22.
> debug1: Connection established.
> debug1: identity file /home/.ssh/id_rsa type 1
> debug1: identity file /home/.ssh/id_rsa-cert type -1
> debug1: identity file /home/.ssh/id_dsa type 2
> debug1: identity file /home/.ssh/id_dsa-cert type -1
> debug1: identity file /home/.ssh/id_ecdsa type -1
> debug1: identity file /home/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
> debug1: match: OpenSSH_4.3 pat OpenSSH_4*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.8
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>
> On the desktop (/var/log/secure), seconds after trying to establish
> the connection from the laptop I see:
> "fatal: Read from socket fails. Connection reset by peer"
>
> Luckily I found the 5.5 tar.bz2 file in my dist directories. Once I
> installed it using setup, I was able to connect using ssh (and unison)
>
> I did not see anything in the /usr/share/doc/Cygwin or
> /usr/share/doc/openssh/ that would point to a difference between 5.5
> and 5.6, 5.8.
>
> Any thoughts on what could be causing the problem?
>
> Thanks,
>
> Mirko
>

It turns out I solved another problem by moving to the older version of ssh.

This involves a part I glossed over in the prior message:

My third computer is a desktop running Windows XP and I use unison to
synchronize files between the three computers.

This desktop is the center node of my unison universe: both the XP
laptop and the Linux desktop synchronize to it.

Some time ago the unison synchronization between the XP desktop (ssh
5.8) and Linux desktop (ssh 4.3) stopped working.  Unison was trying to
write a file DANGER.readme to the /home directory.  Puzzlingly, the
location is determined by the HOME variable, which points to /home/mirko.

Once I switched the ssh version on the central node to 5.5, this error
disappeared.

I wonder if the new ssh versions, instead of having a new bug or
feature, have uncovered a problem in my cygwin setup.  On both my laptop
and desktop I keep my personal files (what is usually under /home/mirko
on Linux) under a plain /home.

When I get a chance, I may try to change that to /home/mirko on the
Windows machines as well, and then check out the behavior of ssh 5.8.

Mirko
