Debian Bug report logs - #726579
Missing IP address in log "fatal: no hostkey alg"

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Karl Schmidt <karl@xtronics.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Missing IP address in log "fatal: no hostkey alg"

Date: Wed, 16 Oct 2013 15:05:36 -0500

Package: openssh-server
Version: 1:6.0p1-4
Severity: normal

 Oct 16 06:40:58 hostname sshd[9438]: fatal: no hostkey alg [preauth]     This log entry appears to 
be recording an attempt to connect with out stating the hostkey alg,
 but the IP that is trying to connect is not logged. It should log where the connect attempt 
originates.

 System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.12
ii  libc6                  2.13-38
ii  libcomerr2             1.42.5-1.1
ii  libgssapi-krb5-2       1.10.1+dfsg-5+deb7u1
ii  libkrb5-3              1.10.1+dfsg-5+deb7u1
ii  libpam-modules         1.1.3-7.1
ii  libpam-runtime         1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-2
ii  libwrap0               7.6.q-24
ii  lsb-base               4.1+Debian8+deb7u1
ii  openssh-client         1:6.0p1-4
ii  procps                 1:3.3.3-3
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-server recommends:
ii  ncurses-term             5.9-10
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
pn  xauth                    <none>

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

Message #10 received at 726579@bugs.debian.org (full text, mbox, reply):

From: Karl Schmidt <karl@xtronics.com>

To: 726579@bugs.debian.org

Subject: Years pass

Date: Thu, 28 Jul 2016 14:14:49 -0500

Having the IP address on the same line - with info log level is obviously needed for identifying 
attackers..


Yet still today --

From /var/log/auth.log


Jul 28 08:37:27 hostname sshd[12053]: fatal: no matching cipher found: client 
aes128-cbc,blowfish-cbc,3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr [preauth]



Jul 28 08:58:38 hostname sshd[12512]: fatal: Unable to negotiate a key exchange method [preauth]


Please pass this upstream or send me a contact there..

-- 
--------------------------------------------------------------------------------

Karl Schmidt                                  EMail Karl@xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

--------------------------------------------------------------------------------

Message #15 received at 726579@bugs.debian.org (full text, mbox, reply):

From: Karl Schmidt <karl@xtronics.com>

To: 726579@bugs.debian.org

Subject: Others have noticed

Date: Thu, 28 Jul 2016 14:18:09 -0500

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv42794

-- 
--------------------------------------------------------------------------------

Karl Schmidt                                  EMail Karl@xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

--------------------------------------------------------------------------------

Message #20 received at 726579@bugs.debian.org (full text, mbox, reply):

From: Matthew Vernon <matthew@debian.org>

To: Karl Schmidt <karl@xtronics.com>

Cc: 726579@bugs.debian.org

Subject: Re: Bug#726579: Years pass

Date: Mon, 01 Aug 2016 11:49:05 +0100

Karl Schmidt <karl@xtronics.com> writes:

> Please pass this upstream or send me a contact there..

The upstream development list is reachable at
openssh-unix-dev@mindrot.org - you can find information (including how
to subscribe) here:

https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

HTH,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Message #25 received at 726579@bugs.debian.org (full text, mbox, reply):

From: Karl Schmidt <karl@xtronics.com>

To: 726579@bugs.debian.org

Subject: Apparently fixed in the version found in testing

Date: Mon, 1 Aug 2016 14:23:09 -0500

> $ ssh -p 2022 -o kexalgorithms=diffie-hellman-group1-sha1 localhost
>
> ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching key exchange method found [preauth]
>
> $ ssh -p 2022 -o ciphers=3des-cbc localhost
>
> ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching cipher found [preauth]

There is no backport of this - nor is it in the security update ( Probably should be as it effects 
security if running fail2ban )

As it is fixed in newer versions this bug probably should be closed.

-- 
--------------------------------------------------------------------------------

Karl Schmidt                                  EMail Karl@xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089

"Never hire an A-student unless the job is to take exams"
Taleb
--------------------------------------------------------------------------------

Message #30 received at 726579@bugs.debian.org (full text, mbox, reply):

From: Karl Schmidt <karl@xtronics.com>

To: 726579@bugs.debian.org

Subject: Apparently fixed in the version found in testing

Date: Tue, 2 Aug 2016 14:27:00 -0500

Fixed upstream -

https://bugzilla.mindrot.org/show_bug.cgi?id=2327


It varies depending on exactly which bit you are looking at.

Remote IP addresses: bug#2257 since at least 6.9:
https://anongit.mindrot.org/openssh.git/commit/?id=639d6bc5

Remote port numbers: bug#2503, first in 7.2
https://anongit.mindrot.org/openssh.git/commit/?id=a4b9e0f4


-- 
--------------------------------------------------------------------------------

Karl Schmidt                                  EMail Karl@xtronics.com
Transtronics, Inc.                              WEB https://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-3089


A suit does not make one a man - nor does a degree make one educated. kps
--------------------------------------------------------------------------------

Send a report that this bug log contains spam.