Debian Bug report logs - #612607
Connecting to older ssh version has cipher negotiation problem

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stephen Olander-Waters <debian@luy.info>

To: submit@bugs.debian.org

Subject: Connecting to older ssh version has cipher negotiation problem

Date: Wed, 09 Feb 2011 08:56:49 -0600

Package: openssh-client
Version: 1:5.8p1-2

The problem is the dreaded "Read from socket failed".
The solution is to manually add the cipher to the command line.

Broken:
$ ssh -v stephen@hostname
OpenSSH_5.8p1 Debian-2, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hostname [ip address] port 22.
debug1: Connection established.
debug1: identity fil  /home/foo/.ssh/id_rsa type -1
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3p2-hpn
debug1: match: OpenSSH_4.3p2-hpn pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer

Fixed:
$ ssh -caes128-ctr stephen@hostname

Message #10 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Timur Birsh <taem@linukz.org>

To: 612607@bugs.debian.org

Subject: Connecting to older ssh version has cipher negotiation problem

Date: Fri, 11 Feb 2011 14:34:48 +0600

Hi,

I'm having the same problem:

$ ssh -v host
OpenSSH_5.8p1 Debian-2, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/taem/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to host [10.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/taem/.ssh/id_rsa type -1
debug1: identity file /home/taem/.ssh/id_rsa-cert type -1
debug1: identity file /home/taem/.ssh/id_dsa type -1
debug1: identity file /home/taem/.ssh/id_dsa-cert type -1
debug1: identity file /home/taem/.ssh/id_ecdsa type -1
debug1: identity file /home/taem/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer

Thanks,
Timur

Message #21 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Oren Held <oren@held.org.il>

To: 612607@bugs.debian.org

Subject: Issue in upstream

Date: Thu, 17 Feb 2011 01:33:25 +0200

I believe it's an issue in upstream, as it also reproduces with vanilla
(non-debian) tgz I compiled on the Debian machine, and was also reported on
Ubuntu and Archlinux.

It apparently began with v5.7p1.

See thread on openssh-unix-dev list and ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493

Oren

Message #26 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Kristofer Henriksson <kthenriksson@gmail.com>

To: 612607@bugs.debian.org

Subject: Bug Severity grave?

Date: Tue, 26 Apr 2011 14:16:29 -0400

I don't think this bug should be marked "grave", based on the Debian
policy outlined here: http://www.debian.org/Bugs/Developer#severities.
It doesn't make the package unusable, or cause data loss, or introduce
a major security hole. In fact, I don't see why it qualifies as
anything more than normal. Am I missing something? This bug is holding
the package up from migrating to testing, and it doesn't seem
warranted.

Thanks,
Kris

Message #37 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Mike Kupfer <m.kupfer@acm.org>

To: 747098@bugs.debian.org, 612607@bugs.debian.org

Subject: can't ssh over OpenConnect from client running sid

Date: Thu, 27 Aug 2015 12:28:59 -0700

I've been seeing an issue that is very similar to what is described in
747098 and 612607, where there's a hang after

  ...
  debug1: kex: server->client aes128-ctr umac-64@openssh.com zlib@openssh.com
  debug1: kex: client->server aes128-ctr umac-64@openssh.com zlib@openssh.com
  debug1: sending SSH2_MSG_KEX_ECDH_INIT
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

This only happens when connecting through an OpenConnect tunnel; ssh
works fine when I'm not using VPN.

Specifying a cipher didn't help, but lowering the MTU for the VPN tunnel
from 1500 to 1300 fixed things.

# ip li set mtu 1300 dev vpn0

mike

Message #44 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Nadège COQUART <Nadege.COQUART@apec.fr>

To: "IN@IMG.NET" <IN@IMG.NET>

Subject: RE: Very Urgent

Date: Mon, 18 Dec 2017 22:32:06 +0000

[Message part 1 (text/plain, inline)]

I am pleased to inform you about an urgent Transaction I have for you, kindly contact my Gmail: mrsalicechen06@gmail.com
 For more details.

Best Regards

[Message part 2 (text/html, inline)]

Message #51 received at 612607@bugs.debian.org (full text, mbox, reply):

From: "wang jianlin (wanda)" <imprensa@camaragyn.go.gov.br>

Subject: charity project

Date: Wed, 8 Apr 2020 03:06:31 -0300 (BRT)

[Message part 1 (text/plain, inline)]

You received a donation from wang jianlin answer for more details 
Wanda Group 

Esta mensagem pode conter informação confidencial ou privilegiada, sendo seu sigilo protegido por lei. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor, avise imediatamente ao remetente, respondendo ao e-mail e em seguida apague-a. Agradecemos sua cooperação.

[Message part 2 (text/html, inline)]

Message #58 received at 612607-close@bugs.debian.org (full text, mbox, reply):

From: Matt Taggart <matt@lackof.org>

To: 612607-close@bugs.debian.org

Subject: RE: Connecting to older ssh version has cipher negotiation problem

Date: Tue, 4 Oct 2022 17:17:57 -0700

This bug report is 11 years old now and for a very old version of 
openssh. Also the original reporter appears to be connecting to a remote 
server with version string "OpenSSH_4.3p2-hpn" which appears to be some 
HP-UX version. Other reports don't provide enough info to be sure they 
are related and the linked Ubuntu bug is totally crazy with unrelated stuff.

Closing this, if you are reading this because some internet search for a 
problem you are having brought you here, feel free to file a new bug if 
A) you are using Debian, B) you have tested with a current version, and 
C) you provide plenty of details. :)

-- 
Matt Taggart
matt@lackof.org

Message #71 received at 612607@bugs.debian.org (full text, mbox, reply):

From: Thorsten Glaser <tg@debian.org>

To: 612607@bugs.debian.org

Cc: Matt Taggart <matt@lackof.org>

Subject: Re: Connecting to older ssh version has cipher negotiation problem

Date: Wed, 5 Oct 2022 22:52:17 +0000 (UTC)

For the record, -hpn is a contemporary patchset for high-performance
SSH throughput and actively maintained, from what I gather from the
OpenSSH mailing list.

And the bug isn’t restricted to that… I had the corresponding Launchpad
bug subscribed, so it must have hit me at some point.

I agree that 7 years after the last complaint it can probably be closed
but think it’s sad that the cause and fix were never found.

bye,
//mirabilos
-- 
Solange man keine schmutzigen Tricks macht, und ich meine *wirklich*
schmutzige Tricks, wie bei einer doppelt verketteten Liste beide
Pointer XORen und in nur einem Word speichern, funktioniert Boehm ganz
hervorragend.		-- Andreas Bogk über boehm-gc in d.a.s.r

Send a report that this bug log contains spam.