[Bug 1279999] Re: ssh login no longer works over vpn
Robie Basak
1279999 at bugs.launchpad.net
Fri Feb 14 18:05:38 UTC 2014
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
I think it's entirely reasonable to change the ssh client to default to
a more secure set of ciphers and MACs in newer releases, in order to
make ssh connections more secure generally, and without information to
the contrary it seems likely that this is what has happened in your
case. Before we can evaluate whether this issue is a bug or not, I think
it's necessary to understand what specifics ciphers and/or MACs we are
talking about here.
Please could you identify the minimal set of specifically what ciphers
and MACs you had to enable to ssh to your server? Once done, please
change the bug status back to New.
** Changed in: openssh (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1279999
Title:
ssh login no longer works over vpn
Status in “openssh” package in Ubuntu:
Incomplete
Bug description:
jlquinn at wyvern:~$ lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10
I log into work over an AT&T vpn. When I upgraded my client to Ubuntu 13.10, I was unable to ssh into my work machines. The ssh version upgrade was
2014-02-06 12:45:05 upgrade openssh-client:amd64 1:6.1p1-4
1:6.2p2-6ubuntu0.1
The ssh server machines are running CentOS 6.4. I alternatively
get:
Read from socket failed: Connection reset by peer
or a hang. Enabling debugging shows:
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
or
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
After wandering the net, I found a suggestion to uncomment Ciphers and MACs in /etc/ssh/ssh_config. Making this change lets me log in again.
The default settings in ssh_config break a working system.
ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: ssh 1:6.2p2-6ubuntu0.1
ProcVersionSignature: Ubuntu 3.11.0-15.25-generic 3.11.10
Uname: Linux 3.11.0-15-generic x86_64
ApportVersion: 2.12.5-0ubuntu2.2
Architecture: amd64
Date: Thu Feb 13 15:50:41 2014
InstallationDate: Installed on 2010-04-30 (1385 days ago)
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
MarkForUpload: True
PackageArchitecture: all
SourcePackage: openssh
UpgradeStatus: Upgraded to saucy on 2014-02-06 (7 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1279999/+subscriptions
More information about the foundations-bugs
mailing list