VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   General (https://forums.vandyke.com/forumdisplay.php?f=11)
-   -   Getting a Connection closed error when connecting to a Solaris/SunOS Box (https://forums.vandyke.com/showthread.php?t=11866)

bgagnon 02-05-2015 09:07 AM

Getting a Connection closed error when connecting to a Solaris/SunOS Box
 
Sorry, the original post was inadvertently deleted.


Originally posted by TheTinoF:

I'm getting a Connection closed error when connecting to a Solaris/SunOS Box...Here's my trace log.

[LOCAL] : SSH2Core version 7.3.0.685
[LOCAL] : Connecting to *(Hostname Redacted) *
SecureCRT - Version 7.3.1 (x64 build 685)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-Sun_SSH_1.1.3'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos] SPN : *(Redacted) *
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : *(Redacted) *
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss
[LOCAL] : Selected Host Key Algo = ssh-dss
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha1
[LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha1
[LOCAL] : Available Remote Compressors = none,zlib
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : SPN : *(Hostname Redacted)*
[LOCAL] : SEND : KEXGSS_INIT [3156 bytes]
[LOCAL] : RECV : KEXGSS_HOSTKEY
[LOCAL] : RECV : KEXGSS_ERROR
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_CLOSED
[LOCAL] : Connected for 0 seconds, 4105 bytes sent, 1166 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : Connection closed.

Connection closed.

bgagnon 02-05-2015 09:16 AM

Hello TheTinoF,

Where the trace options ends indicates an issue with Key EXchange associated with GSSAPI authentication. :)

If you do not need to use GSSAPI authentication/Kerberos key exchange, you can disable (or reorder) those methods in the Connection / SSH2 category of SecureCRT's Session Options.

TheTinoF 02-05-2015 09:32 AM

Still getting the error...
 
I unchecked GSSAPI and still got an error...

[LOCAL] : SSH2Core version 7.3.0.685
[LOCAL] : Connecting to $Hostname$ ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-Sun_SSH_1.1.3'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos] SPN : host@prolbs05.unix.gsm1900.org
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : host@prolbs05.unix.gsm1900.org
[LOCAL] : SEND : KEXINIT
SecureCRT - Version 7.3.1 (x64 build 685)
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss
[LOCAL] : Selected Host Key Algo = ssh-dss
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha1
[LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha1
[LOCAL] : Available Remote Compressors = none,zlib
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : SPN : $Hostname$
[LOCAL] : SEND : KEXGSS_INIT [3156 bytes]
[LOCAL] : RECV : KEXGSS_HOSTKEY
[LOCAL] : RECV : KEXGSS_ERROR
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_CLOSED
[LOCAL] : Connected for 0 seconds, 4105 bytes sent, 1166 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : Connection closed.

Connection closed.

bgagnon 02-05-2015 09:54 AM

Hello Tino,

Please refer to my email and supply what was requested there.

bgagnon 02-05-2015 11:13 AM

1 Attachment(s)
Hello,

The issue was resolved for this customer when he disabled GSSAPI in the Authentication grouping and two Kerberos key exchange methods in the Key exchange grouping of the Connection / SSH2 category of Session Options. See attachment.


All times are GMT -6. The time now is 01:42 PM.