Hi there!

I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from this machine to other hosts but I can't ssh to this machine. I already tried to rule out common issues (e.g. by disabling DNS) and tried to use least cost MACs with compression and ciphers turned off. Still, I'm unable to log in.

As far as I can interpret the log files, it seems that the key exchange negotiation takes too long, leading to a timeout. This is why I was under the impression that too little computing power was the reason - any key "stuff" usually takes ages.

This is the client log
http://pastebin.com/PxC12xbx

and this is the sshd log
http://pastebin.com/11GR9Eqx

Unfortunately, I'm no expert in SSH apart from the "usual" settings in sshd, so most likely I'm missing something. I just can't figure out what it is.

Regards
Steffen

On Fri, Jun 15, 2012 at 07:05:31PM +0200, Steffen Breitbach wrote:

> Hi there!
>
> I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from
> this machine to other hosts but I can't ssh to this machine. I
> already tried to rule out common issues (e.g. by disabling DNS) and
> tried to use least cost MACs with compression and ciphers turned
> off. Still, I'm unable to log in.
> As far as I can interpret the log files, it seems that the key
> exchange negotiation takes too long, leading to a timeout. This is
> why I was under the impression that too little computing power was
> the reason - any key "stuff" usually takes ages.
>
> This is the client log
> http://pastebin.com/PxC12xbx
>
> and this is the sshd log
> http://pastebin.com/11GR9Eqx
>
> Unfortunately, I'm no expert in SSH apart from the "usual" settings
> in sshd, so most likely I'm missing something. I just can't figure
> out what it is.
>
> Regards
> Steffen

Try ssh -1 (you might need to enable protocol 1 in the server first:
/etc/ssh/sshd_config: Protocol 1,2).

-Otto

Or if you do not wish to compromise on the ssh security, you could change
this in /etc/ssh/sshd_config

#LoginGraceTime 2m
LoginGraceTime 15m

Then SIGHUP the sshd process.

On Fri, Jun 15, 2012 at 09:04:04PM +0200, Otto Moerbeek wrote:
> On Fri, Jun 15, 2012 at 07:05:31PM +0200, Steffen Breitbach wrote:
>
> > Hi there!
> >
> > I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from
> > this machine to other hosts but I can't ssh to this machine. I
> > already tried to rule out common issues (e.g. by disabling DNS) and
> > tried to use least cost MACs with compression and ciphers turned
> > off. Still, I'm unable to log in.
> > As far as I can interpret the log files, it seems that the key
> > exchange negotiation takes too long, leading to a timeout. This is
> > why I was under the impression that too little computing power was
> > the reason - any key "stuff" usually takes ages.
> >
> > This is the client log
> > http://pastebin.com/PxC12xbx
> >
> > and this is the sshd log
> > http://pastebin.com/11GR9Eqx
> >
> > Unfortunately, I'm no expert in SSH apart from the "usual" settings
> > in sshd, so most likely I'm missing something. I just can't figure
> > out what it is.
> >
> > Regards
> > Steffen
>
> Try ssh -1 (you might need to enable protocol 1 in the server first:
> /etc/ssh/sshd_config: Protocol 1,2).
>
> -Otto

Hi Otto, hi David!

On 16.06.2012 at 00:33, David Diggles wrote:

> Or if you do not wish to compromise on the ssh security, you could change
> this in /etc/ssh/sshd_config
>
> #LoginGraceTime 2m
> LoginGraceTime 15m
>
> Then SIGHUP the sshd process.
>
> On Fri, Jun 15, 2012 at 09:04:04PM +0200, Otto Moerbeek wrote:
>>
>>
>> Try ssh -1 (you might need to enable protocol 1 in the server first:
>> /etc/ssh/sshd_config: Protocol 1,2).
>>
>> -Otto
>

"Your sshd skill has improved +1"

Thanks for your help. I also tried protocol version 1 before with the very same results.

Obviously, the "sshd[17111]: fatal: Timeout before authentication for 192.168.23.26" line hinted at the "LoginGraceTime" parameter, which I didn't see in that context.

SSH login now works both for protocol 1 and 2, but still negotiation is that slow that I think I'll install a telnetd. Security isn't an issue for now.

Thanks again!

Regards
Steffen

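Added example, not part of any message in this thread: a shell function that tallies the "Timeout before authentication" lines quoted above per source address. This is the first check to make before and after raising LoginGraceTime, since a longer grace period also lets every unauthenticated connection stay open longer. The syslog timestamps, host name, user name and the second and third addresses are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): tally sshd pre-authentication
# timeouts per source address from syslog-style lines on stdin.

# count_grace_timeouts: prints "<count> <address>" per source, highest first.
count_grace_timeouts() {
    awk '
        /sshd\[[0-9]+\]: fatal: Timeout before authentication for / {
            # The address is the field right after "for"; taking only that
            # field also ignores a trailing "port N" if the log has one.
            for (i = 1; i < NF; i++)
                if ($i == "for") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -rn
}

# Constructed sample input. Only the message text of the timeout lines
# follows the line quoted in the thread; everything else is made up.
sample_log() {
    cat <<'EOF'
Jun 15 18:40:12 se30 sshd[17111]: fatal: Timeout before authentication for 192.168.23.26
Jun 15 18:52:47 se30 sshd[17140]: fatal: Timeout before authentication for 192.168.23.26
Jun 15 19:03:05 se30 sshd[17162]: Accepted password for steffen from 192.168.23.40 port 50112 ssh2
Jun 15 19:10:31 se30 sshd[17188]: fatal: Timeout before authentication for 192.168.23.51
EOF
}

# One known slow client timing out repeatedly looks like the first row;
# many distinct addresses would call for a closer look instead.
sample_log | count_grace_timeouts
```

On a real host, feed it the file your syslog configuration writes sshd messages to instead of `sample_log`.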