unable to connect solaris10 ssh(SSH-1.5-Sun_SSH)

[balki]

I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

Here is the trace,
SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_CLOSING.
[LOCAL] : Changing state from STATE_CLOSING to STATE_CLOSED.
[LOCAL] : Connected for 0 seconds, 47 bytes sent, 20 bytes received


Can somebody help me resolve it.

Thanks

[toloughlin]

Is SecureCRT set to use SSH2?
If so, can you change it to SSH1, as the remote server appears to be SSH1.

Also, you may want to upgrade to the latest 5.0 (5.0.5).

[Chris]

Quote:

Originally Posted by balki

I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"

The SSH-1.5 part of the remote identifier means the server only supports ssh protocol 1. If you change the protocol for this session to SSH1 you should be able to connect to the server. You can do this from the Connection page of the Session Options dialog.

For future reference:
SSH-1.5 means the server supports ssh protocol 1 only
SSH-1.99 means the server supports ssh protocol 1 and 2
SSH-2.0 means the server supports ssh protocol 2 only

[toloughlin]

Quote:

SSH-1.5 means the server supports ssh protocol 1 only
SSH-1.99 means the server supports ssh protocol 1 and 2
SSH-2.0 means the server supports ssh protocol 2 only

Good info!

[balki]

I am still having issues,

SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_IDENTIFIER.
[LOCAL] : Using protocol SSH1
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_IDENTIFIER to STATE_EXPECT_SERVER_KEY.
[LOCAL] : SEND : Our Identifier = "SSH-1.5-1.0"
[LOCAL] : RECV : Server's public key
[LOCAL] : Server supports the following ciphers: 3des-cbc, blowfish-cbc
[LOCAL] : Client cipher(s) = blowfish-cbc,3des-cbc,arcfour,des-cbc
[LOCAL] : Selected cipher = blowfish-cbc
[LOCAL] : SEND : SSH_MSG_SESSION_KEY

[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_EXPECT_SERVER_KEY to STATE_CLOSED.
[LOCAL] : Connected for 1 seconds, 168 bytes sent, 592 bytes received


It shows both versions,

KSH#ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

[jjh]

Hello Balki.

Thank you for providing the trace options output.

Would you also be able to get a hold of the server log?

Have you tried editing the ssh configuration file on the
server to allow SSH2?

Thank you

JJH

[balki]

Here is log entry from /var/adm/messages

Feb 23 09:49:00 daniels sshd[23840]: [ID 800047 auth.crit] fatal: cipher_init: EVP_CipherInit: set key failed for blowfish

Here is the listing of /etc/ssh/sshd_config file. Let me know which do I need to set ...
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/usr/openwin/bin:/packages/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
Compression no

#MaxStartups 10
# no default banner path
Banner /etc/issue
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /opt/openssh-3.4/libexec/sftp-server

[jjh]

Hi Balki.

Thank you for providing that information.

Regarding the following error message:

Quote:

Feb 23 09:49:00 daniels sshd[23840]: [ID 800047
auth.crit] fatal: cipher_init: EVP_CipherInit: set key
failed for blowfish

It looks like the server is having trouble loading the
Blowfish algorithm. You might try making a change to the
Connection \ SSH2 \ Advanced category of your session
options to put the 3DES cipher higher in the list than
Blowfish. It looks like the server supports 3DES and if it
is having trouble with Blowfish, putting 3DES higher in
SecureCRT's list might give you better behavior.

Based on the config file that you provided, it looks like
the server is configured to allow both SSH1 and SSH2. The
fact that the server is configured to be able to use SSH1
and SSH2, but only advertises SSH1 might be a bug on the
server. One thing you might consider trying is to uncomment
the following line in the config file and remove the
reference to SSH1:

#Protocol 2,1

so basically, change that line to look like this:

Protocol 2

Then restart the service.

If that doesn't help, you might have to contact the
technical support team for the server manufacturer.

Does that help?

JJH

[mdella]

Quote:

Originally Posted by balki

I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

Here is the trace,
SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_CLOSING.
[LOCAL] : Changing state from STATE_CLOSING to STATE_CLOSED.
[LOCAL] : Connected for 0 seconds, 47 bytes sent, 20 bytes received

Look in the file /etc/ssh/sshd_config on your Solaris 10 server. Look for the following lines up near the top of the config file:

-----
# Uncomment ONLY ONE of the following Protocol statements.

# Only v2 (recommended)
Protocol 2

# Both v1 and v2 (not recommended)
#Protocol 2,1

# Only v1 (not recommended)
#Protocol 1
-----

Make sure that you have either the Protocol2 or Protocol 2,1 uncommented. If you have to change them, then you also need to kill off and restart the sshd system. Easiest way to do this under Solaris 10 is:

# svcadm restart ssh