Bug#783313: python-paramiko: Can't talk to default jessie openssh servers (key exchange incompatible)

Sat, 25 Apr 2015 11:57:33 -0700 

On Sat, Apr 25, 2015 at 07:42:10PM +0100, Dominic Hargreaves wrote:
> Package: python-paramiko
> Version: 1.7.7.1-3.1
> Severity: important
> 
> As noted in <https://github.com/paramiko/paramiko/issues/423> versions
> of paramiko < 1.15.1 (well, 1.7.7.1-3.1 and 1.10.1-1~bpo70+1 tested
> by me) can't talk to OpenSSH 6.7 with its default cipher list. Whilst one
> can work around this by using a non-default cipherlist, we shouldn't
> require our users to configure ciphers considered to be insecure.
> 
> I can't actually see the related commit, but perhaps it's more obvious
> to someone else?
> 
> It would be great to have this fixed in a wheezy point-release.

Hmm, in fact even adding back all Ciphers and MACs, I can't get it working
again:

Ciphers 
aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc
MACs 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1,hmac-sha1-96

(Interestingly enough, it works fine from squeeze -> jessie, just not
wheezy -> jessie).

Here's the traceback I forgot to include last time:

ssh: Exception: Incompatible ssh peer (no acceptable kex algorithm)
ssh: Traceback (most recent call last):
ssh:   File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 
1546, in run
ssh:     self._handler_table[ptype](self, m)
ssh:   File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 
1618, in _negotiate_keys
ssh:     self._parse_kex_init(m)
ssh:   File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 
1731, in _parse_kex_init
ssh:     raise SSHException('Incompatible ssh peer (no acceptable kex 
algorithm)')
ssh: SSHException: Incompatible ssh peer (no acceptable kex algorithm)

Dominic.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to