Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 08-05-2020, 12:49 PM
zeromiler zeromiler is offline
Registered User
 
Join Date: Apr 2010
Posts: 7
Stream Has Closed [CLOSE_TYPE_NONSPECIFIC]

I can SSH to this device from the Terminal App on my MAC (running 10.15.6), but can't from Secure CRT (running Version 8.7.2, build 2214). See below trace.

[PRINTER] : Printer initialization succeeded: Core Printing status code: 0
[LOCAL] : SSH2Core version 8.7.0.2214
[LOCAL] : Connecting to 10.15.124.86:22 ...
[LOCAL] : Resolved hostname to 10.15.124.86:22
SecureCRT - Version 8.7.2 (build 2214)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_12.1'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : host@10.15.124.86
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] The gssapi provider indicated a failure. Miscellaneous failure (see text)
No credentials cache file found (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache)
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : host@10.15.124.86
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] The gssapi provider indicated a failure. Miscellaneous failure (see text)
No credentials cache file found (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache)
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
No credentials cache file found (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache)
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
No credentials cache file found (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache) (negative cache)
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.2.752.43.14.2] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.2.752.43.14.2] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.2.752.43.14.2] The gssapi provider indicated a failure. An invalid name was supplied
[LOCAL] : GSS : [1.2.752.43.14.2] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.2.752.43.14.2] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.2.752.43.14.2] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.2.752.43.14.2] The gssapi provider indicated a failure. An invalid name was supplied
[LOCAL] : GSS : [1.2.752.43.14.2] Disabling gss mechanism
[LOCAL] : GSS : [1.2.752.43.14.2] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-m1xNP3rRAc6JVrs+BUdo5Q==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] The gssapi provider indicated a failure. An invalid name was supplied
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] The gssapi provider indicated a failure. An invalid name was supplied
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [1.2.752.43.14.2 (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-m1xNP3rRAc6JVrs+BUdo5Q==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.5.14] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.5.14] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.5.14] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.5.14] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.5.14] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.5.14] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.5.14] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.5.14] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.5.5.14] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-6Em1viOOK9MUfdI34X8izQ==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.5.5.14 (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-6Em1viOOK9MUfdI34X8izQ==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] The gssapi provider indicated a failure. Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] The gssapi provider indicated a failure. Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-4s+AAtlALj0s3Z3xGjNXPQ==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.4.1.311.2.2.10 (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-4s+AAtlALj0s3Z3xGjNXPQ==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.5.1.5.2.7] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.5.1.5.2.7] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.5.1.5.2.7] The gssapi provider indicated a failure. An unsupported mechanism was requested
[LOCAL] : GSS : [1.3.5.1.5.2.7] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.5.1.5.2.7] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.5.1.5.2.7] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.5.1.5.2.7] The gssapi provider indicated a failure. An unsupported mechanism was requested
[LOCAL] : GSS : [1.3.5.1.5.2.7] Disabling gss mechanism
[LOCAL] : GSS : [1.3.5.1.5.2.7] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-B5Sl0rEWNJyWTODd+gPcDg==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] The gssapi provider indicated a failure. An unsupported mechanism was requested
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] The gssapi provider indicated a failure. An unsupported mechanism was requested
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [1.3.5.1.5.2.7 (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-B5Sl0rEWNJyWTODd+gPcDg==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.2.5] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.2.5] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.2.5] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.2.5] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.2.5] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.2.5] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.2.5] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.2.5] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.5.2.5] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] SPN : host@10.15.124.86
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] The gssapi provider indicated a failure. Miscellaneous failure (see text)
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group1-sha1
[LOCAL] : Available Remote Host Key Algos = ssh-rsa
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : KEXDH_INIT
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_CLOSED
[LOCAL] : Connected for 2 seconds, 1070 bytes sent, 1542 bytes received

[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : Connection closed.

Connection closed.
Reply With Quote
  #2  
Old 08-05-2020, 02:31 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,436
Hi zeromiler,

OpenSSH_12.1? That's a new one on me. What is the remote OS/device?

I'm going to just guess at the configuration options Terminal is using, but if SecureCRT still fails to connect, please get verbose output by adding -vvv to your ssh command.

Let's streamline this because there's a lot of unnecessary options configured. All these changes are in Session Options:
  • Connection / SSH2 / Advanced category, in the MAC grouping, please reorder so SHA2-256 is above SHA2-512
  • Connection / SSH2 category, in the Authentication grouping, please disable GSSAPI (per graphic below)
  • Connection/ SSH2 category, in the Key exchange grouping, please disable all Kerberos methods in addition to the ones with the strange numbering convention as shown in attachment below

  • Same category as above, please enable all available methods but *disable* diffie-hellman and put anything but diffie-hellman at the top (I would recommend the ecdh-sha2-nistp256, because it's the first one the remote lists):
[LOCAL] : Available Remote Kex Methods = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group1-sha1
Attached Images
File Type: png GSSAPI-and-Kerberos_Disable_Mac.png (269.8 KB, 84 views)
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 08-06-2020, 06:40 AM
zeromiler zeromiler is offline
Registered User
 
Join Date: Apr 2010
Posts: 7
Thanks Brenda.

This connection is to a Palo Alto M-200 Management Appliance (it's used to manage all the individual Palo Alto Firewalls in our environment).

Your recommendations resolved the issue. I unselected GSSAPI from the Authentication Options, along with removing all those other Key Exchange Methods, and moving ecdh-sha1-nistp256 to the top.

I can now log into the appliance successfully. See below output.


[PRINTER] : Printer initialization succeeded: Core Printing status code: 0
[LOCAL] : SSH2Core version 8.7.0.2214
[LOCAL] : Connecting to 10.15.124.86:22 ...
[LOCAL] : Resolved hostname to 10.15.124.86:22
SecureCRT - Version 8.7.2 (build 2214)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_12.1'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles zlib@openssh.com
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
[LOCAL] : Available Remote Host Key Algos = ssh-rsa
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = hmac-md5-etm@openssh.com,hmac-sha1-e...60@openssh.com,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT
[LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash hex): 2f:02:fa:7c:ab:8f:d8:7a:20:f2:c0:39:a2:45:67:52:fa:9e:ce:52:7b:63:8d:07:12:73:10:05:07:29:7e:40
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash base64): LwL6fKuP2Hog8sA5okVnUvqezlJ7Y40HEnMQBQcpfkA
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): f5:46:d8:42:54:dc:0b:21:0c:9b:90:aa:dd:1f:2e:0a:0e:52:0b:72
[LOCAL] : RECV: Remote Hostkey (MD5 hash): 94:a6:da:d7:a7:16:51:ed:88:7c:1c:41:ca:94:ae:de
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : Authenticating as user <username.removed.for.privacy>
[LOCAL] : RECV : SSH_MSG_USERAUTH_BANNER
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password,keyboard-interactive]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
[LOCAL] : SEND[0]: Pty Request (rows: 35, cols: 130)
[LOCAL] : RECV[0]: pty request succeeded
[LOCAL] : SEND[0]: shell request
[LOCAL] : RECV[0]: shell request succeeded
Last login: Thu Aug 6 06:27:56 2020 from <IP.Address.Removed.For.Privacy>

Number of failed attempts since last successful login: 0

<username.removed.for.privacy>@<hostname.removed.for.privacy>(secondary-passive)>
Reply With Quote
  #4  
Old 08-06-2020, 07:01 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,436
Hi zeromiler,

Great! I am glad to hear the connection is successful. It was the move from diffie-hellman to another key exchange that was the actual solution.

I just like to tell (especially macOS) users to disable the Kerberos/GSSAPI options because it "junks up" the trace options output, and, it can cause delays in a non-Kerberos environment.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 05:14 PM.