[OpenBSD 5.1] No ssh login to SE/30 - too little computing power?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[OpenBSD 5.1] No ssh login to SE/30 - too little computing power?

Steffen Breitbach
Hi there!

I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from this
machine to other hosts but I can't ssh to this machine. I already tried
to rule out common issues (e.g. by disabling DNS) and tried to use least
cost MACs with compression and ciphers turned off. Still, I'm unable to
log in.
As far as I can interpret the log files, it seems that the key exchange
negotiation takes too long, leading to a timeout. This is why I was
under the impression that too little computing power was the reason -
any key "stuff" usually takes ages.

This is the client log
http://pastebin.com/PxC12xbx

and this is the sshd log
http://pastebin.com/11GR9Eqx

Unfortunately, I'm no expert in SSH apart from the "usual" settings in
sshd, so most likely I'm missing something. I just can't figure out what
it is.

Regards
   Steffen

Reply | Threaded
Open this post in threaded view
|

Re: [OpenBSD 5.1] No ssh login to SE/30 - too little computing power?

Otto Moerbeek
On Fri, Jun 15, 2012 at 07:05:31PM +0200, Steffen Breitbach wrote:

> Hi there!
>
> I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from
> this machine to other hosts but I can't ssh to this machine. I
> already tried to rule out common issues (e.g. by disabling DNS) and
> tried to use least cost MACs with compression and ciphers turned
> off. Still, I'm unable to log in.
> As far as I can interpret the log files, it seems that the key
> exchange negotiation takes too long, leading to a timeout. This is
> why I was under the impression that too little computing power was
> the reason - any key "stuff" usually takes ages.
>
> This is the client log
> http://pastebin.com/PxC12xbx
>
> and this is the sshd log
> http://pastebin.com/11GR9Eqx
>
> Unfortunately, I'm no expert in SSH apart from the "usual" settings
> in sshd, so most likely I'm missing something. I just can't figure
> out what it is.
>
> Regards
>   Steffen

Try ssh -1 (you might need to enable protocol 1 in the server first:
/etc/ssh/sshd_config: Protocol 1,2).

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: [OpenBSD 5.1] No ssh login to SE/30 - too little computing power?

David Diggles-2
Or if you do not wish to compromise on the ssh security, you could change
this in /etc/ssh/sshd_config

#LoginGraceTime 2m
LoginGraceTime 15m

Then SIGHUP the sshd process.

On Fri, Jun 15, 2012 at 09:04:04PM +0200, Otto Moerbeek wrote:

> On Fri, Jun 15, 2012 at 07:05:31PM +0200, Steffen Breitbach wrote:
>
> > Hi there!
> >
> > I've installed OpenBSD 5.1 to my Macintosh SE/30. I can ssh from
> > this machine to other hosts but I can't ssh to this machine. I
> > already tried to rule out common issues (e.g. by disabling DNS) and
> > tried to use least cost MACs with compression and ciphers turned
> > off. Still, I'm unable to log in.
> > As far as I can interpret the log files, it seems that the key
> > exchange negotiation takes too long, leading to a timeout. This is
> > why I was under the impression that too little computing power was
> > the reason - any key "stuff" usually takes ages.
> >
> > This is the client log
> > http://pastebin.com/PxC12xbx
> >
> > and this is the sshd log
> > http://pastebin.com/11GR9Eqx
> >
> > Unfortunately, I'm no expert in SSH apart from the "usual" settings
> > in sshd, so most likely I'm missing something. I just can't figure
> > out what it is.
> >
> > Regards
> >   Steffen
>
> Try ssh -1 (you might need to enable protocol 1 in the server first:
> /etc/ssh/sshd_config: Protocol 1,2).
>
> -Otto

Reply | Threaded
Open this post in threaded view
|

Re: [OpenBSD 5.1] No ssh login to SE/30 - too little computing power?

Steffen Breitbach
Hi Otto, hi David!

Am 16.06.2012 um 00:33 schrieb David Diggles:

> Or if you do not wish to compromise on the ssh security, you could change
> this in /etc/ssh/sshd_config
>
> #LoginGraceTime 2m
> LoginGraceTime 15m
>
> Then SIGHUP the sshd process.
>
> On Fri, Jun 15, 2012 at 09:04:04PM +0200, Otto Moerbeek wrote:
>>
>>
>> Try ssh -1 (you might need to enable protocol 1 in the server first:
>> /etc/ssh/sshd_config: Protocol 1,2).
>>
>> -Otto
>

"Your sshd skill has improved +1"

Thanks for your help. I also tried protocol version 1 before with the very
same results. Obviously, the "sshd[17111]: fatal: Timeout before
authentication for 192.168.23.26" line hinted at the "LoginGraceTime"
parameter, which I didn't see in that context.

SSH login now works both for protocol 1 and 2, but still negotiation is that
slow that I think I'll install a telnetd. Security isn't an issue for now.

Thanks again!

Regards
  Steffen