Hi,

I am facing some problem in connecting to test.cleo.com from a SSH
client supplied by ssh.com.


I have downloaded the SSH source code (ssh-3.2.9.1.tar) from
ftp://ftp.ssh.fi/pub/ssh/ and compiled it on both Tru64 system and
Linux.

When I tried to connect to test.cleo.com through the ssh client, I am
getting the following error:

warning: Authentication failed.

Disconnected; key exchange or algorithm negotiation failed (Key
exchange failed.).

I have captured the debug messages by running ssh with debug level set
to 5. From the debug messages it is observed that the SSH server
(test.cleo.com) is using ssh-rsa as a default host key algorithm. But
the SSH client is using ssh-dss as a default host key algorithm. Hence
the first key exchange fails for the first key negotiation. Then the
second time client tries to negotiate the key exchange by using
ssh-rsa as a host key algorithm. The client is failing with "Signature
didn't match." error when it tries to process the response packet from
the server for the second key exchange packet.

The SSH server version of test.cleo.com is "SSH-2.0-Cleo
VLTrader/3.4.78 SSH FTP server [SERVER]".

I would like to know is there any known problem or compatibility
issues with our SSH client in communicating with a different type of
SSH servers?



I am copying the SSH client debug output here:



debug: SshUserFile/sshuserfile.c:740/ssh_userfile_init: uid = 501, euid = 501

debug: Ssh2/ssh2.c:1707/main: User config file not found, using
defaults. (Looked for '/home/akhil/.ssh2/ssh2_config')

debug: Ssh2/ssh2.c:1786/main: ssh_getopt(...) -> 100 'd'

debug: Ssh2/ssh2.c:1787/main: ssh_opterr = 0

debug: Ssh2/ssh2.c:1788/main: ssh_optind = 2

debug: Ssh2/ssh2.c:1789/main: ssh_optval = 1

debug: Ssh2/ssh2.c:1790/main: ssh_optopt = 100

debug: Ssh2/ssh2.c:1791/main: ssh_optreset = 0

debug: Ssh2/ssh2.c:1793/main: ssh_optarg = bf8e1bf0 "5"

debug: Ssh2/ssh2.c:1794/main: ssh_optmissarg = 0

debug: Ssh2/ssh2.c:1795/main: ssh_optargnum = 1

debug: Ssh2/ssh2.c:1796/main: ssh_optargval = 5

debug: Ssh2/ssh2.c:1744/main: remote host = "test.cleo.com"

debug: SshUserFile/sshuserfile.c:740/ssh_userfile_init: uid = 501, euid = 501

debug: Connecting to test.cleo.com, port 22... (SOCKS not used)

debug: Ssh2/ssh2.c:2410/main: Entering event loop.

debug: SshEventLoop/sshunixeloop.c:934/ssh_event_loop_run: Starting
the event loop.

debug: SshTcp/sshtcp.c:936/ssh_remove_non_matching_addresses_from_list:
Original address list = "208.46.32.210"

debug: SshTcp/sshtcp.c:939/ssh_remove_non_matching_addresses_from_list:
Fixed address list = "208.46.32.210"

debug: SshSigChld/sigchld.c:130/ssh_sigchld_real_callback: SIGCHLD received.

debug: Ssh2Client/sshclient.c:1441/ssh_client_wrap: Creating transport protocol.

debug: Ssh2Transport/trcommon.c:1968/ssh_tr_set_keys: Setting new keys
and algorithms

debug: Ssh2Transport/trcommon.c:1988/ssh_tr_set_keys: Allocating
cipher: name: none, key_len: 16.

debug: Ssh2Transport/trcommon.c:1968/ssh_tr_set_keys: Setting new keys
and algorithms

debug: Ssh2Transport/trcommon.c:1988/ssh_tr_set_keys: Allocating
cipher: name: none, key_len: 16.

debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version:
SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added method "publickey" to candidates.

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added method "keyboard-interactive" to candidates.

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added method "password" to candidates.

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added "publickey" to usable methods.

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added "keyboard-interactive" to usable methods.

debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize:
Added "password" to usable methods.

debug: Ssh2Client/sshclient.c:1482/ssh_client_wrap: Creating userauth protocol.

debug: client supports 3 auth methods: 'publickey,keyboard-interactive,password'

debug: Ssh2Common/sshcommon.c:455/ssh_common_wrap: creating SshCommon object

debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip =
16.181.46.10, local port = 41856

debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip =
208.46.32.210, remote port = 22

debug: Ssh2Common/sshcommon.c:541/ssh_common_wrap: initializing
channel types and requests

debug: Ssh2Common/sshcommon.c:630/ssh_common_wrap: Creating connection protocol.

debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...

debug: Ssh2Common/sshcommon.c:639/ssh_common_wrap: connection protocol created

debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize:
Initializing ReadLine...

debug: SshTcp/sshtcp.c:314/tcp_connect_destroy_ctx: Destroying ConnectContext...

debug: Ssh2Transport/trcommon.c:641/ssh_tr_input_version: Reading
version number.

debug: Remote version: SSH-2.0-Cleo VLTrader/3.4.78 SSH FTP server [SERVER]

debug: Ssh2Transport/trcommon.c:1045/ssh_tr_make_kex1: Constructing
the first key exchange packet.

debug: SshProtoTrKex/trkex.c:228/ssh_kexdh_client_make_kex1: Making
first key exchange packet.

debug: Ssh2Transport/trcommon.c:2578/ssh_tr_output_kexinit_explicit:
local kexinit: kex algs = diffie-hellman-group1-sha1

debug: Ssh2Transport/trcommon.c:2588/ssh_tr_output_kexinit_explicit:
local kexinit: host key algs = ssh-dss,ssh-rsa

debug: Ssh2Transport/trcommon.c:2596/ssh_tr_output_kexinit_explicit:
local kexinit: ciphers c to s =
aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-c

bc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour

debug: Ssh2Transport/trcommon.c:2604/ssh_tr_output_kexinit_explicit:
local kexinit: ciphers s to c =
aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-c

bc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour

debug: Ssh2Transport/trcommon.c:2610/ssh_tr_output_kexinit_explicit:
local kexinit: macs c to s =
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96

debug: Ssh2Transport/trcommon.c:2616/ssh_tr_output_kexinit_explicit:
local kexinit: macs s to c =
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96

debug: Ssh2Transport/trcommon.c:2622/ssh_tr_output_kexinit_explicit:
local kexinit: compressions c to s = none,zlib

debug: Ssh2Transport/trcommon.c:2628/ssh_tr_output_kexinit_explicit:
local kexinit: compressions s to c = none,zlib

debug: Ssh2Transport/trcommon.c:2639/ssh_tr_output_kexinit_explicit:
local kexinit: first_packet_follows = TRUE

debug: Ssh2Transport/trcommon.c:555/ssh_tr_send_packet: Outgoing
empty, sending empty ignore packet.

debug: Ssh2Transport/trcommon.c:555/ssh_tr_send_packet: Outgoing
empty, sending empty ignore packet.

debug: Ssh2Transport/trcommon.c:1908/ssh_tr_input_kexinit: Getting a
SSH_MSG_KEXINIT packet from connection.

debug: Ssh2Transport/trcommon.c:1908/ssh_tr_input_kexinit: Getting a
SSH_MSG_KEXINIT packet from connection.

debug: Ssh2Transport/trcommon.c:1842/ssh_tr_process_received_kexinit:
Processing received SSH_MSG_KEXINIT.

debug: Ssh2Transport/trcommon.c:1169/ssh_tr_negotiate: Computing
algorithms from key exchange.

debug: Ssh2Transport/trcommon.c:1216/ssh_tr_negotiate: client: kex =
diffie-hellman-group1-sha1, hk_alg = ssh-dss,ssh-rsa

debug: Ssh2Transport/trcommon.c:1218/ssh_tr_negotiate: server: kex =
diffie-hellman-group1-sha1, hk_alg = ssh-rsa

debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c:
`', lang c to s: `'

debug: Ssh2Transport/trcommon.c:1378/ssh_tr_negotiate:
first_kex_packet_follows: FALSE

debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher
3des-cbc, mac hmac-sha1, compression none

debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher
3des-cbc, mac hmac-sha1, compression none

debug: Ssh2Transport/trcommon.c:1466/ssh_tr_negotiate: Chosen host key
algorithm: ssh-rsa, Chosen kex algorithm: diffie-hellman-group1-sha1,
Guessed wrong

debug: Ssh2Transport/trcommon.c:1471/ssh_tr_negotiate: Guessed host
key algorithm: ssh-dss, Guessed kex algorithm:
diffie-hellman-group1-sha1

debug: Ssh2Transport/trcommon.c:1045/ssh_tr_make_kex1: Constructing
the first key exchange packet.

debug: SshProtoTrKex/trkex.c:228/ssh_kexdh_client_make_kex1: Making
first key exchange packet.

debug: Ssh2Transport/trcommon.c:555/ssh_tr_send_packet: Outgoing
empty, sending empty ignore packet.

debug: Ssh2Transport/trcommon.c:2189/ssh_tr_input_kex2: Receiving
second key exchange packet.

debug: Ssh2Transport/trcommon.c:2189/ssh_tr_input_kex2: Receiving
second key exchange packet.

debug: Ssh2Client/sshclient.c:275/ssh_client_key_check: Got key of type ssh-rsa

debug: SshUserFile/sshuserfile.c:740/ssh_userfile_init: uid = 501, euid = 501

debug: SshUserFile/sshuserfile.c:740/ssh_userfile_init: uid = 501, euid = 501

debug: SshUserFiles/sshkeyblob2.c:573/ssh2_key_blob_decode: key blob
magic = 0x00000005

debug: Remote host key found from database.

debug: Ssh2Compat/ssh2compat.c:43/ssh_compat_rsa_public_key_change_scheme:
Public key scheme = 'if-modn')

debug: SshProtoTrKex/trkex.c:584/ssh_kex_keycheck_callback: Signature
didn't match.

debug: Ssh2Transport/trcommon.c:595/ssh_tr_up_disconnect:
Disconnecting: reason code: 3 message: 'Key exchange failed.'

debug: Ssh2Transport/trcommon.c:555/ssh_tr_send_packet: Outgoing
empty, sending empty ignore packet.

debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT
received: Key exchange failed.

debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize:
Uninitializing ReadLine...

warning: Authentication failed.

debug: Ssh2/ssh2.c:172/client_disconnect: locally_generated = TRUE

Disconnected; key exchange or algorithm negotiation failed (Key
exchange failed.).

debug: Ssh2Client/sshclient.c:1520/ssh_client_destroy: Destroying client.

debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying
SshCommon object.

debug: Ssh2Common/sshcommon.c:677/ssh_common_destroy: Calling clean-up hooks.

debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.

debug: Ssh2Transport/trcommon.c:3560/ssh_tr_up_destroy: Destroying
transport stream.

debug: Ssh2Transport/trcommon.c:101/ssh_tr_destroy_now: Destroying
SshTransportCommon object.

debug: Ssh2Transport/trcommon.c:55/ssh_tr_kex_cleanup: Cleaning up
after a key exchange.

debug: SshAuthMethodClient/sshauthmethodc.c:89/ssh_client_authentication_uninitialize:
Calling notification callback.

debug: Ssh2Client/sshclient.c:1588/ssh_client_destroy_finalize:
Destroying client completed.

debug: SshAuthMethodClient/sshauthmethodc.c:89/ssh_client_authentication_uninitialize:
Destroying authentication method array.

debug: SshUserFile/sshuserfile.c:740/ssh_userfile_init: uid = 501, euid = 501

debug: SshEventLoop/sshunixeloop.c:790/ssh_unregister_signal:
Reissuing signal for which callback was not yet delivered.

debug: SshEventLoop/sshunixeloop.c:558/ssh_event_loop_uninitialize:
Uninitialized the event loop.




Thanks in advance for any help on this.

Thanks & Regards,

Venkat