VanDyke Software Forums

Go Back   VanDyke Software Forums > SecureCRT 5.1/SecureFX 3.1/VShell 2.6 Beta
User Name
Password
FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Display Modes
  #1  
Old 02-22-2006, 03:41 PM
balki balki is offline
Registered User
 
Join Date: Oct 2005
Posts: 10
unable to connect solaris10 ssh(SSH-1.5-Sun_SSH)

I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

Here is the trace,
SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_CLOSING.
[LOCAL] : Changing state from STATE_CLOSING to STATE_CLOSED.
[LOCAL] : Connected for 0 seconds, 47 bytes sent, 20 bytes received


Can somebody help me resolve it.

Thanks
  #2  
Old 02-22-2006, 03:55 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 378
Is SecureCRT set to use SSH2?
If so, can you change it to SSH1, as the remote server appears to be SSH1.

Also, you may want to upgrade to the latest 5.0 (5.0.5).
__________________
----------------------------------------------
Tom O'Loughlin
  #3  
Old 02-22-2006, 04:01 PM
Chris Chris is offline
VanDyke Developer
 
Join Date: May 2004
Location: Albuquerque, NM
Posts: 13
Quote:
Originally Posted by balki
I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
The SSH-1.5 part of the remote identifier means the server only supports ssh protocol 1. If you change the protocol for this session to SSH1 you should be able to connect to the server. You can do this from the Connection page of the Session Options dialog.

For future reference:
SSH-1.5 means the server supports ssh protocol 1 only
SSH-1.99 means the server supports ssh protocol 1 and 2
SSH-2.0 means the server supports ssh protocol 2 only
  #4  
Old 02-22-2006, 04:03 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 378
Quote:
SSH-1.5 means the server supports ssh protocol 1 only
SSH-1.99 means the server supports ssh protocol 1 and 2
SSH-2.0 means the server supports ssh protocol 2 only
Good info!
__________________
----------------------------------------------
Tom O'Loughlin
  #5  
Old 02-22-2006, 04:10 PM
balki balki is offline
Registered User
 
Join Date: Oct 2005
Posts: 10
I am still having issues,

SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_IDENTIFIER.
[LOCAL] : Using protocol SSH1
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_IDENTIFIER to STATE_EXPECT_SERVER_KEY.
[LOCAL] : SEND : Our Identifier = "SSH-1.5-1.0"
[LOCAL] : RECV : Server's public key
[LOCAL] : Server supports the following ciphers: 3des-cbc, blowfish-cbc
[LOCAL] : Client cipher(s) = blowfish-cbc,3des-cbc,arcfour,des-cbc
[LOCAL] : Selected cipher = blowfish-cbc
[LOCAL] : SEND : SSH_MSG_SESSION_KEY

[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_EXPECT_SERVER_KEY to STATE_CLOSED.
[LOCAL] : Connected for 1 seconds, 168 bytes sent, 592 bytes received


It shows both versions,

KSH#ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

Last edited by balki; 02-22-2006 at 04:26 PM.
  #6  
Old 02-22-2006, 07:09 PM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 815
Hello Balki.

Thank you for providing the trace options output.

Would you also be able to get a hold of the server log?

Have you tried editing the ssh configuration file on the
server to allow SSH2?

Thank you

JJH
  #7  
Old 02-23-2006, 09:49 AM
balki balki is offline
Registered User
 
Join Date: Oct 2005
Posts: 10
Here is log entry from /var/adm/messages

Feb 23 09:49:00 daniels sshd[23840]: [ID 800047 auth.crit] fatal: cipher_init: EVP_CipherInit: set key failed for blowfish

Here is the listing of /etc/ssh/sshd_config file. Let me know which do I need to set ...
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/usr/openwin/bin:/packages/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
Compression no

#MaxStartups 10
# no default banner path
Banner /etc/issue
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /opt/openssh-3.4/libexec/sftp-server
  #8  
Old 02-23-2006, 06:49 PM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 815
Hi Balki.

Thank you for providing that information.

Regarding the following error message:

Quote:
Feb 23 09:49:00 daniels sshd[23840]: [ID 800047
auth.crit] fatal: cipher_init: EVP_CipherInit: set key
failed for blowfish
It looks like the server is having trouble loading the
Blowfish algorithm. You might try making a change to the
Connection \ SSH2 \ Advanced category of your session
options to put the 3DES cipher higher in the list than
Blowfish. It looks like the server supports 3DES and if it
is having trouble with Blowfish, putting 3DES higher in
SecureCRT's list might give you better behavior.

Based on the config file that you provided, it looks like
the server is configured to allow both SSH1 and SSH2. The
fact that the server is configured to be able to use SSH1
and SSH2, but only advertises SSH1 might be a bug on the
server. One thing you might consider trying is to uncomment
the following line in the config file and remove the
reference to SSH1:

#Protocol 2,1

so basically, change that line to look like this:

Protocol 2

Then restart the service.

If that doesn't help, you might have to contact the
technical support team for the server manufacturer.

Does that help?

JJH
  #9  
Old 03-14-2006, 10:50 AM
mdella's Avatar
mdella mdella is offline
Registered User
 
Join Date: Mar 2004
Location: Scotts Valley, CA
Posts: 44
Solaris 10 settings...

Quote:
Originally Posted by balki
I am getting this error,

SecureCRT has disconnected from the server. Reason:
Protocol version mismatch. Required protocol version is 2.0. Received version was 1.5-Sun_SSH_1.1.

Here is the trace,
SecureCRT - Version 5.0.0 (build 992)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-1.5-Sun_SSH_1.1"
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_CLOSING.
[LOCAL] : Changing state from STATE_CLOSING to STATE_CLOSED.
[LOCAL] : Connected for 0 seconds, 47 bytes sent, 20 bytes received
Look in the file /etc/ssh/sshd_config on your Solaris 10 server. Look for the following lines up near the top of the config file:

-----
# Uncomment ONLY ONE of the following Protocol statements.

# Only v2 (recommended)
Protocol 2

# Both v1 and v2 (not recommended)
#Protocol 2,1

# Only v1 (not recommended)
#Protocol 1
-----

Make sure that you have either the Protocol2 or Protocol 2,1 uncommented. If you have to change them, then you also need to kill off and restart the sshd system. Easiest way to do this under Solaris 10 is:

# svcadm restart ssh
__________________
Marcos Della
Data Center Cloud Architect
Nutanix

PGP Fingerprint: BDC7 AFFD E94F FA09 C839 9153 F5FF E128 3094 2B9E
Key ID: 0x30942B9E
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 08:54 PM.


copyright 1995-2017 VanDyke Software, Inc.