[Bug 1311250] Re: Ubuntu 14.04 cannnot ssh into Chassis Manager

Edward Bustos Edward.bustos at hp.com
Wed Apr 23 20:02:03 UTC 2014 

Per Chris D. -> From what I interpret below, Ubuntu/OpenSSH has added
new ciphers to its support list.

What doesn't make sense is why that would affect the negotiation with
iLO-CM; it shouldn't matter if other ciphers are added, only if the ones
we want to use are still present.

I further interpret that there is some kind of limit on the total number
of ciphers. Meaning the new ciphers had squeezed out the older ones
somewhere?

Where is that limit on the number of ciphers? Is it in iLO-CM or
Ubuntu/OpenSSH?

But from the source material linked, there's another bug report, which appears to be open.
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1311250

Title:
   Ubuntu 14.04 cannnot ssh into Chassis Manager

Status in “openssh” package in Ubuntu:
  Won't Fix

Bug description:
  REPRO STEPS:
  Trying to ssh into iloCM from an Ubuntu 14.04 terminal ssh client
  (OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014). CM was running 1.20p20.

  $ssh -vvv Administrator at CM-DEKE.americas.hpqcorp.net

  Connection fails with this message:
  debug1: sending SSH2_MSG_KEXDH_INIT
  debug1: expecting SSH2_MSG_KEXDH_REPLY
  Received disconnect from 16.91.22.169: 3: Key echange error

  SUMMARY:
  Ubuntu 14.04 (OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014) Works for other servers - not iloCM alone.

  Workaround:

  Goto /etc/ssh/ssh_config
  Uncomment the line: Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

  This seems to limit the number of ciphers in use.

  Also seems to be a known problem with "certain" configurations of
  openssh client and server. Please see URL:
  http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-
  client-connection-reset-by-peer/

  Confirmed the failure with openssh-client 1:6.6p1-2ubuntu1.
  It works fine w/ 1:5.9p1-5ubuntu1 from precise.

  ubuntu at g3:~$ ssh -vvv Administrator at 10.193.24.200
  OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: Applying options for *
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to 10.193.24.200 [10.193.24.200] port 22.
  debug1: Connection established.
  debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
  debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
  debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
  debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
  debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
  debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
  debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
  debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
  debug1: Remote protocol version 2.0, remote software version mpSSH_0.2.0
  debug1: no match: mpSSH_0.2.0
  debug2: fd 3 setting O_NONBLOCK
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
  debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
  debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
  debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit: first_kex_follows 0
  debug2: kex_parse_kexinit: reserved 0
  debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc
  debug2: kex_parse_kexinit: aes128-cbc,3des-cbc
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
  debug2: kex_parse_kexinit: none
  debug2: kex_parse_kexinit: none
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit: first_kex_follows 0
  debug2: kex_parse_kexinit: reserved 0
  debug2: mac_setup: setup hmac-md5
  debug1: kex: server->client aes128-cbc hmac-md5 none
  debug2: mac_setup: setup hmac-md5
  debug1: kex: client->server aes128-cbc hmac-md5 none
  debug2: bits set: 1026/2048
  debug1: sending SSH2_MSG_KEXDH_INIT
  debug1: expecting SSH2_MSG_KEXDH_REPLY
  Received disconnect from 10.193.24.200: 3: Key echange error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1311250/+subscriptions

More information about the foundations-bugs mailing list