Bugzilla – Attachment 3261 Details for
Bug 2991
Not supports hmac-md5 ciphering technique
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
config's
Bugzilla-openssh-2.txt (text/plain), 10.93 KB, created by
Karthik Adiga
on 2019-04-12 15:24:11 AEST
(
hide
)
Description:
config's
Filename:
MIME Type:
Creator:
Karthik Adiga
Created:
2019-04-12 15:24:11 AEST
Size:
10.93 KB
patch
obsolete
>************** SERVER LOGS ******************* >============================================== ><@AK183000005:~# /usr/sbin/sshd -ddde -p 2222 >debug2: load_server_config: filename /etc/ssh/sshd_config >debug2: load_server_config: done config len = 1169 >debug2: parse_server_config: config /etc/ssh/sshd_config len 1169 >debug3: /etc/ssh/sshd_config:14 setting Protocol 2 >debug2: /etc/ssh/sshd_config line 14: Deprecated option Protocol >debug3: /etc/ssh/sshd_config:25 setting HostKeyAlgorithms ssh-dss >debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_rsa_key >debug3: /etc/ssh/sshd_config:27 setting HostKey /etc/ssh/ssh_host_dsa_key >debug3: /etc/ssh/sshd_config:41 setting PermitRootLogin no >debug3: /etc/ssh/sshd_config:52 setting HostbasedAuthentication no >debug3: /etc/ssh/sshd_config:57 setting IgnoreRhosts yes >debug3: /etc/ssh/sshd_config:60 setting PasswordAuthentication no >debug3: /etc/ssh/sshd_config:61 setting PermitEmptyPasswords no >debug3: /etc/ssh/sshd_config:85 setting UsePAM yes >debug3: /etc/ssh/sshd_config:89 setting X11Forwarding no >debug3: /etc/ssh/sshd_config:97 setting PermitUserEnvironment no >debug3: /etc/ssh/sshd_config:100 setting ClientAliveInterval 900 >debug3: /etc/ssh/sshd_config:101 setting ClientAliveCountMax 0 >debug3: /etc/ssh/sshd_config:102 setting UseDNS no >debug3: /etc/ssh/sshd_config:107 setting Ciphers aes128-ctr,aes192-ctr,aes256-ctr >debug3: /etc/ssh/sshd_config:110 setting Banner /etc/ssh/warning_preauth >debug3: /etc/ssh/sshd_config:113 setting Subsystem sftp /usr/libexec/sftp-server >debug3: checking syntax for 'Match User Support' >debug3: checking syntax for 'Match (null)' >One or more attributes required for Match >/etc/ssh/sshd_config line 124: Bad Match condition > >========================================================================================================================================== > >*********** CLIENT LOGS with -vvv(verbose) ********** >======================================================= >-bash-4.1$ /usr/bin/ssh -vvv -i /home/admin/.ssh/lab_key_19.1 -p 222 -o HostKeyAlgorithms=ssh-dss localOperator@172.63.102.169 >OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 >debug1: Reading configuration data /home/admin/.ssh/config >debug1: Reading configuration data /etc/ssh/ssh_config >debug1: Applying options for * >debug2: ssh_connect: needpriv 0 >debug1: Connecting to 172.63.102.169 [172.63.102.169] port 222. >debug1: Connection established. >debug3: Not a RSA1 key file /home/admin/.ssh/lab_key_19.1. >debug2: key_type_from_name: unknown key type '-----BEGIN' >debug3: key_read: missing keytype >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug3: key_read: missing whitespace >debug2: key_type_from_name: unknown key type '-----END' >debug3: key_read: missing keytype >debug1: identity file /home/admin/.ssh/lab_key_19.1 type -1 >debug1: identity file /home/admin/.ssh/lab_key_19.1-cert type -1 >debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 >debug1: match: OpenSSH_7.9 pat OpenSSH* >debug1: Enabling compatibility mode for protocol 2.0 >debug1: Local version string SSH-2.0-OpenSSH_5.3 >debug2: fd 3 setting O_NONBLOCK >debug1: SSH2_MSG_KEXINIT sent >debug3: Wrote 840 bytes for a total of 861 >debug1: SSH2_MSG_KEXINIT received >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >debug2: kex_parse_kexinit: ssh-dss >debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se >debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 >debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib >debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com >debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com >debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >debug2: kex_parse_kexinit: none,zlib@openssh.com >debug2: kex_parse_kexinit: none,zlib@openssh.com >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: >debug2: kex_parse_kexinit: first_kex_follows 0 >debug2: kex_parse_kexinit: reserved 0 >debug2: mac_setup: found hmac-sha1 >debug1: kex: server->client aes128-ctr hmac-sha1 none >debug2: mac_setup: found hmac-sha1 >debug1: kex: client->server aes128-ctr hmac-sha1 none >no hostkey alg > >====================================================================================================================== >************** sshd_config **************** >============================================== >### DEFAULT GENERIC ### - root@AK183000005:~# cat /etc/ssh/sshd_config ># $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ > ># This is the sshd server system-wide configuration file. See ># sshd_config(5) for more information. > ># This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin > ># The strategy used for options in the default sshd_config shipped with ># OpenSSH is to specify options with their default value where ># possible, but leave them commented. Uncommented options change a ># default value. > >#Port 22 >Protocol 2 >#AddressFamily any >#ListenAddress 0.0.0.0 >#ListenAddress :: > ># HostKey for protocol version 1 >#HostKey /etc/ssh/ssh_host_key ># HostKeys for protocol version 2 >#HostKey /etc/ssh/ssh_host_rsa_key >#HostKey /etc/ssh/ssh_host_dsa_key > >HostKeyAlgorithms ssh-dss >HostKey /etc/ssh/ssh_host_rsa_key >HostKey /etc/ssh/ssh_host_dsa_key > ># Lifetime and size of ephemeral version 1 server key >#KeyRegenerationInterval 1h >#ServerKeyBits 768 > ># Logging ># obsoletes QuietMode and FascistLogging >#SyslogFacility AUTH >#LogLevel INFO > ># Authentication: > >#LoginGraceTime 2m >PermitRootLogin no >#StrictModes yes >#MaxAuthTries 6 > >#RSAAuthentication yes >#PubkeyAuthentication yes >#AuthorizedKeysFile .ssh/authorized_keys > ># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts >#RhostsRSAAuthentication no ># similar for protocol version 2 >HostbasedAuthentication no ># Change to yes if you don't trust ~/.ssh/known_hosts for ># RhostsRSAAuthentication and HostbasedAuthentication >#IgnoreUserKnownHosts no ># Don't read the user's ~/.rhosts and ~/.shosts files >IgnoreRhosts yes > ># To disable tunneled clear text passwords, change to no here! >PasswordAuthentication no >PermitEmptyPasswords no > ># Change to no to disable s/key passwords >#ChallengeResponseAuthentication yes > ># Kerberos options >#KerberosAuthentication no >#KerberosOrLocalPasswd yes >#KerberosTicketCleanup yes >#KerberosGetAFSToken no > ># GSSAPI options >#GSSAPIAuthentication no >#GSSAPICleanupCredentials yes > ># Set this to 'yes' to enable PAM authentication, account processing, ># and session processing. If this is enabled, PAM authentication will ># be allowed through the ChallengeResponseAuthentication and ># PasswordAuthentication. Depending on your PAM configuration, ># PAM authentication via ChallengeResponseAuthentication may bypass ># the setting of "PermitRootLogin without-password". ># If you just want the PAM account and session checks to run without ># PAM authentication, then enable this but set PasswordAuthentication ># and ChallengeResponseAuthentication to 'no'. >UsePAM yes > >#AllowTcpForwarding yes >#GatewayPorts no >X11Forwarding no >#X11DisplayOffset 10 >#X11UseLocalhost yes >#PrintMotd yes >#PrintLastLog yes >#TCPKeepAlive yes >#UseLogin no >#UsePrivilegeSeparation yes >PermitUserEnvironment no >#Compression delayed >#Idle session logout time >ClientAliveInterval 900 >ClientAliveCountMax 0 >UseDNS no >#PidFile /var/run/sshd.pid >#MaxStartups 10:30:100 >#PermitTunnel no > >Ciphers aes128-ctr,aes192-ctr,aes256-ctr > >#Banner /etc/warning_preauth2 >Banner /etc/ssh/warning_preauth > ># override default of no subsystems >Subsystem sftp /usr/libexec/sftp-server > ># Example of overriding settings on a per-user basis >#Match User anoncvs ># X11Forwarding no ># AllowTcpForwarding no ># ForceCommand cvs server >Match User Support >Banner /mnt/mainfs/passwd_data/ns_banner ># PermitTTY yes ># ForceCommand /bin/ls >Match >Match User ServiceProvider >Banner /mnt/mainfs/passwd_data/sp_banner > >Match > >Match User localOperator >Banner /etc/warning_preauth >Match > > >Match User labOperator >Banner /etc/warning_preauth >Match > > >Match User factoryOperator >Banner /etc/warning_preauth >Match > > >Match User Operator >Banner /etc/warning_preauth >Match > > >Match User labAdmin >Banner /etc/warning_preauth >Match > >Match User localAdmin >Banner /etc/warning_preauth >Match > > >Match User factoryAdmin >Banner /etc/warning_preauth >Match > >Match User Admin >Banner /etc/warning_preauth >Match
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3261">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2991
:
3260
| 3261 |
3262
|
3266