darcs repository web UI and hosting app. This is the main darcsden trunk, which also runs hub.darcs.net. (https://hub.darcs.net)
#163 Connexion failure with recent openssh
I can't use ssh access on Ubuntu 16.04, with openssh 7.2p2. I see this:
darcs failed: Not a repository: fx@hub.darcs.net:fx/vc-darcs (The program "scp fx@hub.darcs.net:fx/vc-darcs//_darcs/inventory ./darcs1957747793424238335" failed with error: "Unable to negotiate with 173.255.219.222 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 ".)
See https://www.openssh.com/legacy.html
However, if I add the method for hub.darcs.net, an ssh connexion fails with this at the end of the output from -vv, which I assume needs debugging at that end:
Authenticated to hub.darcs.net ([173.255.219.222]:22).
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to hub.darcs.net closed by remote host.
Sorry, I hadn't spotted that this is a duplicate, and even in the FAQ, but then I get the disconnect error even with the ssh config change.
The newer, recommended kex works but hasn't been merged for the following reasons: http://hub.darcs.net/ganesh/ssh/issue/5#comment-20161123T170839
Perhaps we could temporarily deploy http://hub.darcs.net/pointfree/ssh-curve25519-sha256 just to hub.darcs.net for the sake of ux and security.
@fx: Does the output change after the ~/.ssh/config update? Can you post that snippet of your ~/.ssh/config? Are you just doing darcs push fx@hub.darcs.net:fx/vc-darcs?
This is what I have in my ~/.ssh/config for hub.darcs.net:
Host hub.darcs.net
    ControlMaster no
    ForwardAgent no
    ForwardX11 no
    KexAlgorithms +diffie-hellman-group1-sha1
This is what I get from ssh -vv pointfree@hub.darcs.net upon authentication:
Authenticated to hub.darcs.net ([173.255.219.222]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: network
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug2: channel 0: rcvd ext data 1018
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0
debug2: channel 0: rcvd ext data 52
debug2: channel_input_status_confirm: type 100 id 0
shell request failed on channel 0
On my ubuntu 16.04 box with openssh 7.2p2, I have the same in ~/.ssh/config:
Host hub.darcs.net
    ControlMaster no
    ForwardAgent no
    ForwardX11 no
    KexAlgorithms +diffie-hellman-group1-sha1
and can connect normally:
$ ssh hub.darcs.net -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /home/simon/.ssh/config
debug1: /home/simon/.ssh/config line 5: Applying options for *
debug1: /home/simon/.ssh/config line 16: Applying options for hub.darcs.net
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to hub.darcs.net [173.255.219.222] port 22.
debug1: Connection established.
...
debug1: Authenticating to hub.darcs.net:22 as 'simon'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-rsa SHA256:C7v5yTl4PpF1QaXYM+rgccUGkik3XE7/VLjqCjcGIl8
debug1: Host 'hub.darcs.net' is known and matches the RSA host key.
debug1: Found key in /home/simon/.ssh/known_hosts:18
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/simon/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hub.darcs.net ([173.255.219.222]:22).
...
- status set to closed
[I'm getting rather useless mail copies of this which have an empty text/plain part and unreadable text/html with no linebreaks.]
Yes, I have the same in .ssh/config as in the FAQ (apart from adding User).
Anyhow, I found what was going on to some extent. I looked again at the output and realized it said
debug1: Offering ECDSA public key: /home/fx/.ssh/id_ecdsa
debug1: Authentication succeeded (publickey).
Authenticated to hub.darcs.net ([173.255.219.222]:22).
but that wasn't one of my uploaded keys. I've just uploaded the rsa default one from this system, and it now connects OK. It seems a bit worrying that it reports successful authentication.
- status set to open
I didn't mean to close this, given the bogus authentication response.
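Added example, not part of the thread or of darcsden: a small Python parser for `ssh -v` output in the OpenSSH 7.2 format quoted above, reporting the negotiated algorithms and which offered key preceded "Authentication succeeded", so it can be compared with the keys actually uploaded. The `LEGACY` policy set and the name `audit` are assumptions of this sketch, and the sample log is constructed from lines quoted in the thread.

```python
import re

# Example policy (an assumption of this sketch): algorithms to flag as legacy.
LEGACY = {"diffie-hellman-group1-sha1", "aes128-cbc", "hmac-sha1"}

# Constructed sample, assembled from debug lines quoted in this thread.
SAMPLE = """\
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: Offering ECDSA public key: /home/fx/.ssh/id_ecdsa
debug1: Authentication succeeded (publickey).
"""

def audit(log):
    """Summarise negotiated algorithms and the key that authenticated."""
    report = {"kex": None, "algorithms": set(), "auth_key": None,
              "pk_ok_seen": False, "legacy": []}
    offered = None
    for line in log.splitlines():
        # Drop the "debugN: " prefix so -v, -vv and -vvv output parse alike.
        line = re.sub(r"^debug\d: ", "", line.strip())
        if m := re.match(r"kex: algorithm: (\S+)", line):
            report["kex"] = m.group(1)
            report["algorithms"].add(m.group(1))
        elif m := re.match(r"kex: \S+ cipher: (\S+) MAC: (\S+)", line):
            report["algorithms"].update(m.groups())
        elif m := re.match(r"Offering (\S+) public key: (\S+)", line):
            # A new offer resets the "Server accepts key" marker.
            offered, report["pk_ok_seen"] = (m.group(1), m.group(2)), False
        elif line.startswith("Server accepts key:"):
            report["pk_ok_seen"] = True
        elif line.startswith("Authentication succeeded"):
            report["auth_key"] = offered
    report["legacy"] = sorted(report["algorithms"] & LEGACY)
    return report

if __name__ == "__main__":
    r = audit(SAMPLE)
    print("kex:", r["kex"])
    print("legacy algorithms:", ", ".join(r["legacy"]) or "none")
    print("authenticated with:", r["auth_key"], "| accept line seen:", r["pk_ok_seen"])
```

A result with `auth_key` set and `pk_ok_seen` false matches the lines fx quotes, where no "Server accepts key" line appears between the offer and the success message.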