Package: openssh-server Version: 1:7.1p2-2 Severity: normal Dear Maintainer,
I'm trying to connect to my system from a Windows client using PuTTY. The particular version of PuTTY I'm using is TortoisePlink 0.63.0.9999 from the Xpra distribution. It supports the key exchange diffie-hellman-group-exchange-sha256, which OpenSSH also supports. However, it seems to be blocked by OpenSSH's compatibility mode. The pertinent line from the log: debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth] I'm attaching the complete log. Note that I'm using sslh to forward ssh traffic arriving on port 443 to localhost port 22. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.0.0 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.113+nmu3 ii cdebconf [debconf-2.0] 0.201 ii debconf [debconf-2.0] 1.5.58 ii dpkg 1.18.4 ii init-system-helpers 1.24 ii libaudit1 1:2.4.5-1 ii libc6 2.21-6 ii libcomerr2 1.42.13-1 ii libgssapi-krb5-2 1.13.2+dfsg-4 ii libkrb5-3 1.13.2+dfsg-4 ii libpam-modules 1.1.8-3.2 ii libpam-runtime 1.1.8-3.2 ii libpam0g 1.1.8-3.2 ii libselinux1 2.4-3 ii libssl1.0.2 1.0.2e-1 ii libsystemd0 228-4 ii libwrap0 7.6.q-25 ii lsb-base 9.20160110 ii openssh-client 1:7.1p2-2 ii openssh-sftp-server 1:7.1p2-2 ii procps 2:3.3.11-3 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages openssh-server recommends: ii ncurses-term 6.0+20151024-2 ii xauth 1:1.0.9-1 Versions of packages openssh-server suggests: ii molly-guard 0.6.2 ii monkeysphere 0.37-3 ii rssh 2.3.4-4+b1 ii ssh-askpass 1:1.2.4.1-9 ii ssh-askpass-gnome [ssh-askpass] 1:7.1p2-1 ii ufw 0.34-2 -- debconf information: ssh/new_config: true ssh/vulnerable_host_keys: ssh/disable_cr_auth: false * ssh/insecure_telnetd: ssh/insecure_rshd: ssh/encrypted_host_key_but_no_keygen: * ssh/use_old_init_script: true openssh-server/permit-root-login: false
# /usr/sbin/sshd -dd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 1235 debug2: parse_server_config: config /etc/ssh/sshd_config len 1235 debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2e 3 Dec 2015 debug1: private host key #0: ssh-rsa SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX debug1: private host key #1: ssh-ed25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-dd' debug1: Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 22 on ::. Server listening on :: port 22. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from 127.0.0.1 port 44436 on 127.0.0.1 port 22 debug1: Client protocol version 2.0; client software version PuTTY_Local:_Mar_19_2015_19:02:45 debug1: match: PuTTY_Local:_Mar_19_2015_19:02:45 pat PuTTY_Local:*,PuTTY-Release-0.5*,PuTTY_Release_0.5*,PuTTY_Release_0.60*,PuTTY_Release_0.61*,PuTTY_Release_0.62*,PuTTY_Release_0.63*,PuTTY_Release_0.64* compat 0x00004000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1p2 Debian-2 debug2: fd 3 setting O_NONBLOCK debug2: Network child is on pid 32034 debug1: permanently_set_uid: 101/65534 [preauth] debug2: compat_kex_proposal: original KEX proposal: curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 [preauth] debug2: Compat: skipping algorithm "diffie-hellman-group-exchange-sha256" [preauth] debug2: compat_kex_proposal: compat KEX proposal: curve25519-sha...@libssh.org [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: kex_parse_kexinit: curve25519-sha...@libssh.org [preauth] debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth] debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth] debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr [preauth] debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com [preauth] debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com [preauth] debug2: kex_parse_kexinit: none,z...@openssh.com [preauth] debug2: kex_parse_kexinit: none,z...@openssh.com [preauth] debug2: kex_parse_kexinit: [preauth] debug2: kex_parse_kexinit: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth] debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth] debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth] debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth] debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth] debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5 [preauth] debug2: kex_parse_kexinit: none,zlib [preauth] debug2: kex_parse_kexinit: none,zlib [preauth] debug2: kex_parse_kexinit: [preauth] debug2: kex_parse_kexinit: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: kex: client->server aes256-ctr hmac-sha2-256 none [preauth] debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth] Unable to negotiate with 127.0.0.1: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: Killing privsep child 32034 debug1: audit_event: unhandled event 12