Openssh compatibility problem?

Michael Makuch gmanedotorg@makuch.org
Wed Dec 31 01:35:00 GMT 2008 

Recently installed latest cygwin and can't ssh to it from older openssh rev.
Is there a known compatibility problem?

3 systems: plum, oak, pecan

I can ssh from pecan to oak. I cannot ssh from pecan to plum, it appears to
timeout. 

Versions of the 3 systems:

plum $ uname -a
CYGWIN_NT-5.1 plum 1.5.25(0.156/4/2) 2008-06-12 19:34 i686 Cygwin
plum $ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008

oak $ uname -a
Linux oak 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
oak $ cat /etc/fedora-release 
Fedora release 10 (Cambridge)
oak $ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007

pecan $ uname -a
Linux pecan 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 i686 i386 GNU/Linux
pecan $ cat /etc/fedora-release 
Fedora release 7 (Moonshine)
pecan $ ssh -V
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006

Sessions:

ssh from pecan to plum appears to timeout:

pecan $ ssh -vvvv plum
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /home2/mkm/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to plum [192.168.2.21] port 22.
debug1: Connection established.
debug1: identity file /home2/mkm/.ssh/identity type -1
debug3: Not a RSA1 key file /home2/mkm/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
[snip more of same]
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home2/mkm/.ssh/id_rsa type 1
debug1: identity file /home2/mkm/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host 


ssh from pecan to oak works a.o.k:

pecan $ ssh -vvvvv oak
OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /home2/mkm/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to oak [192.168.2.15] port 22.
debug1: Connection established.
debug1: identity file /home2/mkm/.ssh/identity type -1
debug3: Not a RSA1 key file /home2/mkm/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
[snip more of same]
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home2/mkm/.ssh/id_rsa type 1
debug1: identity file /home2/mkm/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
[snip lots more lines then successful login]

ssh from oak to plum works a.o.k:
oak $ ssh -vvv mark@plum
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to plum [192.168.2.21] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
[snip succeeds]


config files:
plum $ grep -v "^#" /etc/sshd_config|grep  -i "[a-z]"
Port 22
Protocol 2,1
StrictModes no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
UsePrivilegeSeparation yes
Subsystem       sftp    /usr/sbin/sftp-server

oak $ grep -v "^#" /etc/ssh/sshd_config|grep  -i "[a-z]"
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
X11Forwarding yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server

pecan $ grep -v "^#" /etc/ssh/ssh_config |grep -i "[a-z]"
Host *
Protocol 2,1
Host *
        GSSAPIAuthentication yes
        ForwardX11Trusted yes
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
        SendEnv LC_IDENTIFICATION LC_ALL

I prefer to not upgrade the version of openssh on pecan just now if I can avoid it.

I'd appreciate any clues. Thanks.



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list