チケット #44141

cannot connect to Dropbear SSH server

登録: 2022-03-18 04:41 最終更新: 2022-06-25 09:45

報告者:
(匿名)
担当者:
(未割り当て)
チケットの種類:
状況:
完了
コンポーネント:
マイルストーン:
(未割り当て)
優先度:
5 - 中
重要度:
5 - 中
解決法:
不正
ファイル:
なし
投票
点数: 0
No votes
0.0% (0/0)
0.0% (0/0)

詳細

This seems to be because some newer versions of SSH have disabled old algorithms that are considered less safe.

The only indication I have is on the server side the log indicates:

Exit before auth from <10.120.???.???:51692>: No matching algo enc c->s

I am not aware how to enable SSH logging in TeraTerm, but I am willing to try that if provided with instructions

Thank you

チケットの履歴 (8 件中 3 件表示)

2022-03-18 04:41 更新者: None
  • 新しいチケット "cannot connect to Dropbear SSH server" が作成されました
2022-03-18 12:34 更新者: nmaya
  • コンポーネント(未割り当て) から TTSSH に更新されました
  • チケットの種類バグ から サポートリクエスト に更新されました
コメント

Thank you for your reporting.

If LogLevel in TTSSH section is set to 100, TTSSH outputs log to TTSSH.LOG file.

You can see software versions of each side, and algorithm proposals of each side.

Thanks,

2022-03-18 22:31 更新者: None
コメント

not really sure how to upload file ... fortunately it's not too big

2022-03-18 13:26:13.999Z [19376] ---------------------------------------------------------------------
2022-03-18 13:26:14.003Z [19376] Initiating SSH session
2022-03-18 13:26:14.027Z [19376] Received server identification string: SSH-2.0-dropbear_2020.80
2022-03-18 13:26:14.031Z [19376] Sent client identification string: SSH-2.0-TTSSH/2.92 Win32
2022-03-18 13:26:14.038Z [19376] CRYPT_set_random_data: RAND_bytes call
2022-03-18 13:26:14.042Z [19376] client proposal: KEX algorithm: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
2022-03-18 13:26:14.047Z [19376] client proposal: server host key algorithm: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
2022-03-18 13:26:14.051Z [19376] client proposal: encryption algorithm client to server: aes256-gcm@openssh.com,aes128-gcm@openssh.com,camellia256-ctr,aes256-ctr,camellia256-cbc,aes256-cbc,camellia192-ctr,aes192-ctr,camellia192-cbc,aes192-cbc,camellia128-ctr,aes128-ctr,camellia128-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,cast128-ctr,cast128-cbc,chacha20-poly1305@openssh.com
2022-03-18 13:26:14.056Z [19376] client proposal: encryption algorithm server to client: aes256-gcm@openssh.com,aes128-gcm@openssh.com,camellia256-ctr,aes256-ctr,camellia256-cbc,aes256-cbc,camellia192-ctr,aes192-ctr,camellia192-cbc,aes192-cbc,camellia128-ctr,aes128-ctr,camellia128-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,cast128-ctr,cast128-cbc,chacha20-poly1305@openssh.com
2022-03-18 13:26:14.060Z [19376] client proposal: MAC algorithm client to server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-md5-etm@openssh.com,hmac-md5
2022-03-18 13:26:14.064Z [19376] client proposal: MAC algorithm server to client: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-md5-etm@openssh.com,hmac-md5
2022-03-18 13:26:14.068Z [19376] client proposal: compression algorithm client to server: none
2022-03-18 13:26:14.073Z [19376] client proposal: compression algorithm server to client: none
2022-03-18 13:26:14.077Z [19376] CRYPT_set_random_data: RAND_bytes call
2022-03-18 13:26:14.081Z [19376] SSH2_MSG_KEXINIT was sent at SSH2_send_kexinit().
2022-03-18 13:26:14.086Z [19376] SSH2_MSG_KEXINIT was received.
2022-03-18 13:26:14.090Z [19376] server proposal: KEX algorithm: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au
2022-03-18 13:26:14.094Z [19376] server proposal: server host key algorithm: rsa-sha2-256,ssh-rsa
2022-03-18 13:26:14.098Z [19376] server proposal: encryption algorithm client to server: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
2022-03-18 13:26:14.102Z [19376] server proposal: encryption algorithm server to client: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
2022-03-18 13:26:14.106Z [19376] server proposal: MAC algorithm client to server: hmac-sha1,hmac-sha2-256
2022-03-18 13:26:14.110Z [19376] server proposal: MAC algorithm server to client: hmac-sha1,hmac-sha2-256
2022-03-18 13:26:14.115Z [19376] server proposal: compression algorithm client to server: zlib@openssh.com,none
2022-03-18 13:26:14.119Z [19376] server proposal: compression algorithm server to client: zlib@openssh.com,none
2022-03-18 13:26:14.124Z [19376] server proposal: language client to server: 
2022-03-18 13:26:14.128Z [19376] server proposal: language server to client: 
2022-03-18 13:26:14.132Z [19376] KEX algorithm: ecdh-sha2-nistp256
2022-03-18 13:26:14.137Z [19376] server host key algorithm: ssh-rsa
2022-03-18 13:26:14.141Z [19376] encryption algorithm client to server: aes256-ctr
2022-03-18 13:26:14.145Z [19376] encryption algorithm server to client: aes256-ctr
2022-03-18 13:26:14.149Z [19376] MAC algorithm client to server: hmac-sha2-256
2022-03-18 13:26:14.154Z [19376] MAC algorithm server to client: hmac-sha2-256
2022-03-18 13:26:14.158Z [19376] compression algorithm client to server: none
2022-03-18 13:26:14.162Z [19376] compression algorithm server to client: none
2022-03-18 13:26:14.166Z [19376] CRYPT_set_random_data: RAND_bytes call
2022-03-18 13:26:14.170Z [19376] SSH2_MSG_KEX_ECDH_INIT was sent at SSH2_ecdh_kex_init().
2022-03-18 13:26:14.189Z [19376] Terminating SSH session...

(編集済, 2022-03-18 23:47 更新者: doda)
2022-03-18 22:34 更新者: None
コメント

well, that went bad fast ... please see pastebin ...

https://pastebin.com/saj10XHK

2022-03-19 00:31 更新者: doda
コメント

This looks like a problem on the Dropbear side. This issue has been fixed in Dropbear 2020.81.

c.f. https://matt.ucc.asn.au/dropbear/CHANGES

- Fix regression in 2020.79 which prevented connecting with some SSH 
  implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log 
  message if the limit is hit. This fixes interoperability with sshj 
  library (used by PyCharm), and GoAnywhere.

Please upgrade Dropbear, or disable unused encryption algorithms on Tera Term.

2022-03-19 17:34 更新者: nmaya
コメント

Maybe this change fix this issue.

If you can not update the server software, you have to reduce enabled encryption algorithms to 20 or less.

2022-03-21 21:22 更新者: None
コメント

thanks. I will try that :)

2022-06-25 09:45 更新者: nmaya
  • 状況オープン から 完了 に更新されました
  • 解決法なし から 不正 に更新されました

添付ファイルリスト

添付ファイルはありません

編集

ログインしていません。ログインしていない状態では、コメントに記載者の記録が残りません。 » ログインする