
HP thin client won't work with sshd

Errorsmith

Kompiliertier
Thread starter #1
Hi

We are currently preparing an update on an ancient server. It runs a Red Hat Linux with OpenSSH 4.3 and a specific application that needs certain, fairly special settings for terminal emulation. On the client side there are HP thin clients (T520, Linux version).
To be able to configure the terminal settings mentioned, we use the built-in application "teemtalk". The built-in ssh client does not allow the necessary settings. Unfortunately, the connection to the "new" ssh server does not work. In the server log it looks like this:

Code:
[root@eh2-bsd-zbx02 ~]# /usr/sbin/sshd -Dddd -p 2222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1772
debug2: parse_server_config: config /etc/ssh/sshd_config len 1772
debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:29 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:31 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:75 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:102 setting AllowAgentForwarding yes
debug3: /etc/ssh/sshd_config:103 setting AllowTcpForwarding yes
debug3: /etc/ssh/sshd_config:108 setting PermitTTY yes
debug3: /etc/ssh/sshd_config:110 setting PrintLastLog yes
/etc/ssh/sshd_config line 110: Unsupported option PrintLastLog
debug3: /etc/ssh/sshd_config:111 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:113 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:115 setting Compression no
debug3: /etc/ssh/sshd_config:116 setting ClientAliveInterval 1
debug3: /etc/ssh/sshd_config:117 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:118 setting UseDNS no
debug3: /etc/ssh/sshd_config:130 setting Subsystem sftp    /usr/libexec/sftp-server
debug3: /etc/ssh/sshd_config:141 setting KexAlgorithms +diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug3: kex names ok: [diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug3: /etc/ssh/sshd_config:142 setting Ciphers +aes128-cbc,blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,blowfish-cbc,arcfour256,arcfour128,3des-cbc,aes192-ctr,aes128-ctr
debug3: /etc/ssh/sshd_config:143 setting HostKeyAlgorithms +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-ed25519,ssh-rsa,ssh-dss
debug3: /etc/ssh/sshd_config:144 setting PubkeyAcceptedKeyTypes +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug3: /etc/ssh/sshd_config:145 setting Macs +umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug3: /etc/ssh/sshd_config:147 setting PermitUserEnvironment yes
debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2k-freebsd  26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:Z0lkq88Cn2mCAQlE4P1qan3cXVQvRPnyEjZx544K5Vw
debug1: private host key #1: ssh-dss SHA256:Hr8WF2O7iwzgGjMLkfjn6MgwGtfXNe9i9hhbwQ2q9Sc
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:ooVzNV0Jtb1P9c2Pq0VVKwiA5i1223ZcTRc+45KTmkQ
debug1: private host key #3: ssh-ed25519 SHA256:chYvmYC7jxgBwWuNbTPmc4aE4kA1ihPuqw6go1wcy+M
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug2: fd 3 setting O_NONBLOCK
debug3: Fssh_sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 2222 on ::.
debug1: Server TCP RWIN socket size: 65536
Server listening on :: port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
Server listening on 0.0.0.0 port 2222.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 1772
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 10.20.16.90 port 57322 on 10.20.0.171 port 2222
debug1: Client protocol version 2.0; client software version HP-Client
debug1: no match: HP-Client
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2 FreeBSD-20161230
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,none,
debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,none,
debug2: MACs ctos: hmac-md5,hmac-sha256,hmac-sha1,hmac-sha1-96,hmac-md5-96,none
debug2: MACs stoc: hmac-sha1,hmac-sha256,hmac-md5-96,hmac-sha1-96,hmac-md5,none
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-md5 compression: none
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug2: bits set: 526/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug3: receive packet: type 30
debug2: bits set: 517/1024
debug3: send packet: type 31
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: receive packet: type 5
debug3: send packet: type 6
debug3: receive packet: type 50
debug1: userauth-request for user tctest service ssh-connection method password
debug1: attempt 0 failures 0
debug2: parse_server_config: config reprocess config len 1772
debug2: input_userauth_request: setting up authctxt for tctest
debug1: PAM: initializing for "tctest"
debug1: PAM: setting PAM_RHOST to "10.20.16.90"
debug2: input_userauth_request: try method password
debug3: PAM: sshpam_passwd_conv called with 1 messages
debug1: PAM: password authentication accepted for tctest
Accepted password for tctest from 10.20.16.90 port 57322 ssh2
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (success)
debug3: send packet: type 52
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:Z0lkq88Cn2mCAQlE4P1qan3cXVQvRPnyEjZx544K5Vw
debug3: notify_hostkeys: key 1: ssh-dss SHA256:Hr8WF2O7iwzgGjMLkfjn6MgwGtfXNe9i9hhbwQ2q9Sc
debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 SHA256:ooVzNV0Jtb1P9c2Pq0VVKwiA5i1223ZcTRc+45KTmkQ
debug3: notify_hostkeys: key 3: ssh-ed25519 SHA256:chYvmYC7jxgBwWuNbTPmc4aE4kA1ihPuqw6go1wcy+M
debug3: notify_hostkeys: sent 4 hostkeys
debug3: send packet: type 80
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 16777216 win 32768 max 1024
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
Connection closed by 10.20.16.90
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 server-session (t10 r16777216 i0/0 o0/0 fd -1/-1 cc -1)

Close session: user tctest from 10.20.16.90 port 57322 id 0
debug3: session_unused: session id 0 unused
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
Transferred: sent 2840, received 1056 bytes
Closing connection to 10.20.16.90 port 57322
Unfortunately I can't get any usable logs out of the client application, and I'm not getting anywhere otherwise either.
The normal SSH client works, I get a shell, and the connection from other systems (Linux, Windows with PuTTY etc.) works too. So the problem is to be found somewhere in the Teemtalk application. (If anyone knows how to get sensible logs out of it, I would be very, very grateful.)

Software used:
System: FreeBSD 11.1
sshd: OpenSSH_7.2p2, OpenSSL 1.0.2k-freebsd 26 Jan 2017 (also tested with OpenSSH 7.4, without success) - an old ssh version (4.3) works.
client: Teemtalk 7.3.4.5105 (does not work) / openssh client version 5.9p1 (works)

According to HP, the firmware on the thin client is the "latest", so it cannot be updated any further.
On the sshd I have by now tested every option that could possibly be relevant, without success.
I'm grateful for any hints that help me get this running; neither Google nor anything similar has got me any further so far.

Regards,
Errorsmith
 

Yamagi

Possessed With Psi Powers
Staff member
#2
Do you also have the output of an "ssh -vvv $server" from the thin client? Perhaps one can see more there about why the client aborts. As a blind guess, perhaps they can't find a common encryption algorithm, but the log might thin the fog a little. ;)
 

pit234a

Well-Known Member
#3
I'm not going to read through all that now and will just blindly pass on what I've already needed several times to connect to old servers. In those cases, though, there were error messages that showed me the way.
I then had to enter something in the ssh_config, and I'll show here what's in there now:
Code:
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
One of these entries, or both, was the solution to my problem. You can already see that it has something to do with changed keys or methods.
I can't judge to what extent this might be helpful for you. I'm a bit pressed for time at the moment and therefore not reading closely.
 

mr44er

Well-Known Member
#4
pit is right, I stumbled over something like this myself recently.

Code:
ssh -oHostKeyAlgorithms=+ssh-dss user@ip
That would allow a connection from a new client to an old server. If I understand correctly, though, you need to go in the other direction? That would mean that the (newer) server does not allow the best/strongest encryption algorithm Teemtalk offers. I don't know offhand whether one can temporarily run sshd unencrypted... a perversion, when I think about it.

OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe
cryptography.
* Support for the legacy SSH version 1 protocol is disabled by default at
compile time. Note that this also means that the Cipher keyword in
ssh_config(5) is effectively no longer usable; use Ciphers instead for
protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1",
and "ssh-keygen1" binaries which you can use if you have no alternative
way to connect to an outdated SSH1-only server; please contact the
server administrator or system vendor in such cases and ask them to
upgrade.
* Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
disabled by default at run-time. It may be re-enabled using the
instructions at http://www.openssh.com/legacy.html
* Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
default at run-time. These may be re-enabled using the instructions at
http://www.openssh.com/legacy.html
* Support for the legacy v00 cert format has been removed.
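
The algorithm negotiation discussed in posts #2 to #4, as an added example that is not part of the original thread: this Python script reads the KEXINIT proposals from `sshd -ddd` output in the OpenSSH 7.2 format shown in post #1, picks each algorithm by the RFC 4253 rule (first entry on the client's list that the server also offers), flags the two legacy algorithms named in the OpenSSH 7.0 notes quoted above, and reports how far the session got. The sample log is constructed by shortening the Teemtalk session from post #1; all function and constant names are assumptions of this example.

```python
import re

# KEXINIT name-lists as labelled by OpenSSH 7.2 at debug2 level (see post #1).
# The OpenSSH 5.9 client log prints unlabelled "kex_parse_kexinit:" lines instead
# and is not handled here.
FIELDS = ("KEX algorithms", "host key algorithms", "ciphers ctos", "ciphers stoc",
          "MACs ctos", "MACs stoc", "compression ctos", "compression stoc")
FIELD_RE = re.compile(r"^debug2: (%s): ?(.*)$" % "|".join(FIELDS))

# Disabled by default at run-time since OpenSSH 7.0, per the release notes quoted above.
LEGACY = {"diffie-hellman-group1-sha1", "ssh-dss"}

# Server-side log markers, in the order a session passes through them.
STAGES = [
    ("KEXINIT exchanged", "SSH2_MSG_KEXINIT received"),
    ("key exchange done", "KEX done"),
    ("user authenticated", "Accepted "),
    ("channel open confirmed", "server_input_channel_open: confirm session"),
    ("pty requested", "req pty-req"),
    ("shell started", "Starting session: shell"),
]

# Constructed sample: the Teemtalk session from post #1 with the server lists shortened.
SAMPLE_LOG = """\
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,none,
debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,none,
debug2: MACs ctos: hmac-md5,hmac-sha256,hmac-sha1,hmac-sha1-96,hmac-md5-96,none
debug2: MACs stoc: hmac-sha1,hmac-sha256,hmac-md5-96,hmac-sha1-96,hmac-md5,none
debug2: compression ctos: none
debug2: compression stoc: none
debug1: KEX done
debug1: userauth-request for user tctest service ssh-connection method password
Accepted password for tctest from 10.20.16.90 port 57322 ssh2
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
Connection closed by 10.20.16.90
"""


def parse_proposals(log):
    """Return {'server': {field: [algs]}, 'client': {field: [algs]}}."""
    proposals = {"server": {}, "client": {}}
    side = None
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("local server KEXINIT proposal"):
            side = "server"
        elif line.endswith("peer client KEXINIT proposal"):
            side = "client"
        else:
            m = FIELD_RE.match(line)
            if m and side:
                # Drop empty entries: the Teemtalk lists end in a trailing comma.
                names = [a.strip() for a in m.group(2).split(",") if a.strip()]
                proposals[side][m.group(1)] = names
    return proposals


def negotiate(proposals):
    """First client entry the server also lists (RFC 4253, section 7.1).

    The extra compatibility conditions RFC 4253 puts on the key exchange and
    host key choice are ignored; the simple rule is enough for this log.
    """
    chosen = {}
    for field in FIELDS:
        server = set(proposals["server"].get(field, []))
        client = proposals["client"].get(field, [])
        chosen[field] = next((a for a in client if a in server), None)
    return chosen


def legacy_in_use(chosen):
    """Negotiated algorithms that OpenSSH 7.0 and later disable by default."""
    return sorted(set(chosen.values()) & LEGACY)


def last_stage(log):
    """Name of the last stage reached before the first missing marker."""
    reached = "no KEXINIT seen"
    for name, marker in STAGES:
        if marker not in log:
            break
        reached = name
    return reached


if __name__ == "__main__":
    result = negotiate(parse_proposals(SAMPLE_LOG))
    for field in FIELDS:
        print("%-22s %s" % (field, result[field] or "NO COMMON ALGORITHM"))
    print("legacy in use:", ", ".join(legacy_in_use(result)) or "none")
    print("last stage reached:", last_stage(SAMPLE_LOG))
```

On the sample, every field finds a common algorithm (diffie-hellman-group1-sha1 and ssh-dss among them), and the last stage reached is the confirmed channel open, with no pty request following it.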
 

Errorsmith

Kompiliertier
Thread starter #5
Hi

This is the server log of the (working) connection with the ssh client:
Code:
[root@eh2-bsd-zbx02 ~]# /usr/sbin/sshd -Dddd -p 2222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1772
debug2: parse_server_config: config /etc/ssh/sshd_config len 1772
debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:29 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:31 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:75 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:102 setting AllowAgentForwarding yes
debug3: /etc/ssh/sshd_config:103 setting AllowTcpForwarding yes
debug3: /etc/ssh/sshd_config:108 setting PermitTTY yes
debug3: /etc/ssh/sshd_config:110 setting PrintLastLog yes
/etc/ssh/sshd_config line 110: Unsupported option PrintLastLog
debug3: /etc/ssh/sshd_config:111 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:113 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:115 setting Compression no
debug3: /etc/ssh/sshd_config:116 setting ClientAliveInterval 1
debug3: /etc/ssh/sshd_config:117 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:118 setting UseDNS no
debug3: /etc/ssh/sshd_config:130 setting Subsystem sftp /usr/libexec/sftp-server
debug3: /etc/ssh/sshd_config:141 setting KexAlgorithms +diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug3: kex names ok: [diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug3: /etc/ssh/sshd_config:142 setting Ciphers +aes128-cbc,blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,blowfish-cbc,arcfour256,arcfour128,3des-cbc,aes192-ctr,aes128-ctr
debug3: /etc/ssh/sshd_config:143 setting HostKeyAlgorithms +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-ed25519,ssh-rsa,ssh-dss
debug3: /etc/ssh/sshd_config:144 setting PubkeyAcceptedKeyTypes +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug3: /etc/ssh/sshd_config:145 setting Macs +umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug3: /etc/ssh/sshd_config:147 setting PermitUserEnvironment yes
debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2k-freebsd  26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:Z0lkq88Cn2mCAQlE4P1qan3cXVQvRPnyEjZx544K5Vw
debug1: private host key #1: ssh-dss SHA256:Hr8WF2O7iwzgGjMLkfjn6MgwGtfXNe9i9hhbwQ2q9Sc
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:ooVzNV0Jtb1P9c2Pq0VVKwiA5i1223ZcTRc+45KTmkQ
debug1: private host key #3: ssh-ed25519 SHA256:chYvmYC7jxgBwWuNbTPmc4aE4kA1ihPuqw6go1wcy+M
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug2: fd 3 setting O_NONBLOCK
debug3: Fssh_sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 2222 on ::.
debug1: Server TCP RWIN socket size: 65536
Server listening on :: port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
Server listening on 0.0.0.0 port 2222.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 1772
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 10.20.7.22 port 48305 on 10.20.0.171 port 2222
debug1: Client protocol version 2.0; client software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2 FreeBSD-20161230
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-md5 compression: none
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-md5 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug3: receive packet: type 30
debug3: send packet: type 31
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: receive packet: type 5
debug3: send packet: type 6
debug3: receive packet: type 50
debug1: userauth-request for user tctest service ssh-connection method none
debug1: attempt 0 failures 0
debug2: parse_server_config: config reprocess config len 1772
debug2: input_userauth_request: setting up authctxt for tctest
debug1: PAM: initializing for "tctest"
debug1: PAM: setting PAM_RHOST to "10.20.7.22"
debug2: input_userauth_request: try method none
Failed none for tctest from 10.20.7.22 port 48305 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive"
debug3: send packet: type 51
debug3: receive packet: type 50
debug1: userauth-request for user tctest service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=tctest devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: send packet: type 60
Postponed keyboard-interactive for tctest from 10.20.7.22 port 48305 ssh2
debug3: receive packet: type 61
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (success)
debug3: ssh_msg_send: type 0
debug3: PAM: import_environments entering
debug3: sshpam_password_change_required 0
debug3: PAM: num env strings 0
debug1: PAM: num PAM env strings 0
debug3: send packet: type 60
Postponed keyboard-interactive/pam for tctest from 10.20.7.22 port 48305 ssh2
debug3: receive packet: type 61
debug2: PAM: sshpam_respond entering, 0 responses
debug3: PAM: sshpam_free_ctx entering
debug3: PAM: sshpam_thread_cleanup entering
Accepted keyboard-interactive/pam for tctest from 10.20.7.22 port 48305 ssh2
debug1: do_pam_account: called
debug3: send packet: type 52
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:Z0lkq88Cn2mCAQlE4P1qan3cXVQvRPnyEjZx544K5Vw
debug3: notify_hostkeys: key 1: ssh-dss SHA256:Hr8WF2O7iwzgGjMLkfjn6MgwGtfXNe9i9hhbwQ2q9Sc
debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 SHA256:ooVzNV0Jtb1P9c2Pq0VVKwiA5i1223ZcTRc+45KTmkQ
debug3: notify_hostkeys: key 3: ssh-ed25519 SHA256:chYvmYC7jxgBwWuNbTPmc4aE4kA1ihPuqw6go1wcy+M
debug3: notify_hostkeys: sent 4 hostkeys
debug3: send packet: type 80
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/5
debug1: Ignoring unsupported tty mode opcode 37 (0x25)
debug1: Ignoring unsupported tty mode opcode 52 (0x34)
debug1: Ignoring unsupported tty mode opcode 71 (0x47)
debug3: send packet: type 99
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Ignoring env request LANG: disallowed name
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/5 for tctest from 10.20.7.22 port 48305 id 0
debug2: fd 3 setting TCP_NODELAY
debug3: Fssh_ssh_packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug3: send packet: type 99
debug1: Setting controlling tty using TIOCSCTTY.
debug2: channel 0: request keepalive@openssh.com confirm 1
debug3: send packet: type 98
debug3: receive packet: type 100
debug1: Got 100/13 for keepalive
debug2: channel 0: request keepalive@openssh.com confirm 1
debug3: send packet: type 98
debug3: receive packet: type 100
debug1: Got 100/14 for keepalive
debug2: channel 0: request keepalive@openssh.com confirm 1
debug3: send packet: type 98
debug3: receive packet: type 100
debug1: Got 100/15 for keepalive
debug2: channel 0: request keepalive@openssh.com confirm 1
debug3: send packet: type 98
debug3: receive packet: type 100
debug1: Got 100/16 for keepalive
debug2: channel 0: request keepalive@openssh.com confirm 1
debug3: send packet: type 98
debug3: receive packet: type 100
debug1: Got 100/17 for keepalive
debug2: channel 0: read<=0 rfd 8 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 16327
debug1: session_exit_message: session 0 channel 0 pid 16327
debug2: channel 0: request exit-status confirm 0
debug3: send packet: type 98
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug3: send packet: type 98
debug2: channel 0: output open -> closed
debug1: session_pty_cleanup: session 0 release /dev/pts/5
debug2: channel 0: send close
debug3: send packet: type 97
debug3: channel 0: will not send data after close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: is dead
debug2: channel 0: gc: notify user
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
Close session: user tctest from 10.20.7.22 port 48305 id 0
debug3: session_unused: session id 0 unused
debug2: channel 0: gc: user detached
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: receive packet: type 1
Received disconnect from 10.20.7.22 port 48305:11: disconnected by user
Disconnected from 10.20.7.22 port 48305
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
and here is the client log:
Code:
user@HPc8d3ff3958eb:/root$ ssh -vvv -p 2222 tctest@10.20.0.171
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.20.0.171 [10.20.0.171] port 2222.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 FreeBSD-20161230
debug1: match: OpenSSH_7.2 FreeBSD-20161230 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [10.20.0.171]:2222
debug3: load_hostkeys: loading entries for host "[10.20.0.171]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 68:f2:ad:5f:4b:04:65:6c:c6:d0:04:ee:eb:e4:7f:7a
debug3: put_host_port: [10.20.0.171]:2222
debug3: put_host_port: [10.20.0.171]:2222
debug3: load_hostkeys: loading entries for host "[10.20.0.171]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[10.20.0.171]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "10.20.0.171" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.20.0.171' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: found matching key w/out port
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug3: no such identity: /home/user/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password for tctest@eh2-bsd-zbx02:
debug3: packet_send2: adding 32 (len 20 padlen 12 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 10.20.0.171 ([10.20.0.171]:2222).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env PATH
debug3: Ignored env MAIL
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env LANGUAGE
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env LESSCLOSE
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu Jun 14 17:54:18 2018 from 10.20.7.22
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
debug1: PAM: reinitializing credentials
debug3: Copy environment: BLOCKSIZE=K
debug3: Copy environment: MAIL=/var/mail/tctest
debug3: Copy environment: PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/tctest/bin
Environment:
  USER=tctest
  LOGNAME=tctest
  HOME=/home/tctest
  MAIL=/var/mail/tctest
  PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/tctest/bin
  TERM=xterm
  BLOCKSIZE=K
  SHELL=/usr/local/bin/bash
  SSH_CLIENT=10.20.7.22 48307 2222
  SSH_CONNECTION=10.20.7.22 48307 10.20.0.171 2222
  SSH_TTY=/dev/pts/5
"man tuning" gives some tips how to tune performance of your FreeBSD system.
                -- David Scheidt <dscheidt@tumbolia.com>
[tctest@eh2-bsd-zbx02 ~]$ debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
exit
logout
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

Connection to 10.20.0.171 closed.
Transferred: sent 2440, received 5240 bytes, in 5.4 seconds
Bytes per second: sent 448.9, received 963.9
debug1: Exit status 0
And here is the sshd_config:
Code:
#       $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
#       $FreeBSD: releng/11.1/crypto/openssh/sshd_config 311915 2017-01-11 05:56:40Z delphij $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PermitTTY yes
#PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
Compression no
ClientAliveInterval 1
ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20161230

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server


#Legacy changes
KexAlgorithms +diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Ciphers +aes128-cbc,blowfish-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,blowfish-cbc,arcfour256,arcfour128,3des-cbc,aes192-ctr,aes128-ctr
HostKeyAlgorithms +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-ed25519,ssh-rsa,ssh-dss
PubkeyAcceptedKeyTypes +ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
Macs +umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96
# KexDHMin=1024
PermitUserEnvironment yes
As I said, it works with the ssh client as such, but the teemtalk application (which we need) does not. And it does not produce any logs. As far as I can see so far, the application does not use standard OpenSSH but its own SSH library, and so far I have not been able to find out how to persuade it to log more verbosely.

@pit234a:
You mean the legacy algorithms / ciphers that are disabled by default. I have added those in the meantime, but unfortunately that does not help either :-(

As far as I can see, it gets to just after authentication, then receives "channel open" from the server (packet 91) and then kills the connection (on the client side). A tcpdump confirms this suspicion: the client sends two(!) TCP packets with the RST flag.

Regards,
Errorsmith
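The message numbers mentioned in the post above can be read straight from the `debug3: send/receive packet: type N` lines that `sshd -ddd` writes. The following is an added example, not part of the original thread; the function names are its own and the sample trace is constructed to match the described failure (channel confirmed, then nothing more from the client).

```python
import re

# Message numbers from RFC 4250, section 4.1.2 (subset that matters for session setup).
SSH_MSG = {
    1: "DISCONNECT", 2: "IGNORE", 5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT",
    20: "KEXINIT", 21: "NEWKEYS", 50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE",
    52: "USERAUTH_SUCCESS", 80: "GLOBAL_REQUEST", 90: "CHANNEL_OPEN",
    91: "CHANNEL_OPEN_CONFIRMATION", 92: "CHANNEL_OPEN_FAILURE",
    93: "CHANNEL_WINDOW_ADJUST", 94: "CHANNEL_DATA", 96: "CHANNEL_EOF",
    97: "CHANNEL_CLOSE", 98: "CHANNEL_REQUEST", 99: "CHANNEL_SUCCESS",
    100: "CHANNEL_FAILURE",
}
PACKET_RE = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def message_name(msg_type):
    """Map a message number to its name; ranges 30-49 and 60-79 depend on the method."""
    if msg_type in SSH_MSG:
        return "SSH_MSG_" + SSH_MSG[msg_type]
    if 30 <= msg_type <= 49:
        return "key exchange method specific"
    if 60 <= msg_type <= 79:
        return "user authentication method specific"
    return "not in this table"

def parse_trace(log_text):
    """Return [(direction, type, name), ...] in the order sshd logged them."""
    return [(m.group(1), int(m.group(2)), message_name(int(m.group(2))))
            for m in PACKET_RE.finditer(log_text)]

def summarise(trace):
    """How far did the session get, seen from the server?"""
    confirm_at = next((i for i, (d, t, _) in enumerate(trace)
                       if d == "send" and t == 91), None)
    after_confirm = trace[confirm_at + 1:] if confirm_at is not None else []
    return {
        "authenticated": any(d == "send" and t == 52 for d, t, _ in trace),
        "channel_confirmed": confirm_at is not None,
        # pty-req, env and shell all arrive as CHANNEL_REQUEST (98) after the confirmation
        "requests_after_confirm": sum(1 for d, t, _ in after_confirm
                                      if d == "receive" and t == 98),
        "peer_sent_disconnect": any(d == "receive" and t == 1 for d, t, _ in trace),
        "last_message": trace[-1][2] if trace else None,
    }

# Constructed sample (not copied from the thread): packet lines of a session that
# stops right after the server confirms the channel.
SAMPLE_ABORTED = """\
debug3: receive packet: type 50
debug3: send packet: type 52
debug3: receive packet: type 90
debug3: send packet: type 91
"""

if __name__ == "__main__":
    trace = parse_trace(SAMPLE_ABORTED)
    for direction, msg_type, name in trace:
        print(f"{direction:8s} {msg_type:3d} {name}")
    print(summarise(trace))
```

A client that exits cleanly shows up as `receive packet: type 1`, as at the end of the server log above; a connection torn down by TCP reset leaves no such line.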
 

Yamagi

Possessed With Psi Powers
Staff member
#6
Thank you. A log from the application would of course be nicer, but what doesn't exist doesn't exist. So:
  • We can probably rule out the algorithms. You have enabled the old algorithms, and client and server should actually find common ground, because according to the server log the client offers:
    Code:
    debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,none,
    debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,none,
    debug2: MACs ctos: hmac-md5,hmac-sha256,hmac-sha1,hmac-sha1-96,hmac-md5-96,none
    debug2: MACs stoc: hmac-sha1,hmac-sha256,hmac-md5-96,hmac-sha1-96,hmac-md5,none
    I could have seen that yesterday already.
  • The SSH 1 vs SSH 2 problem as well, because the client speaks SSH 2.0:
    Code:
    debug1: Client protocol version 2.0; client software version HP-Client
  • And ultimately the login does work.
    Code:
    debug1: Entering interactive session for SSH2.
You really can't find anything at all on the net about this "HP-Client". Maybe the thing does not implement the SSH protocol correctly, chokes on the contents of a packet and then logs out again. Nothing really clever occurs to me. Except perhaps building and using an old sshd on the server. With all its drawbacks. :(
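The algorithm overlap discussed in the post above can be replayed with the selection rule from RFC 4253, section 7.1: for ciphers and MACs, the first name on the client's list that the server also offers is chosen. This is an added example, not part of the original thread. It uses the HP-Client lists quoted in the post and the server lists from the `ssh -vvv` client log on this page; the function names and the `is_legacy` policy are assumptions of the example.

```python
"""Replay SSH cipher/MAC selection (RFC 4253, section 7.1) for the lists in this thread."""

# Server proposal: the peer KEXINIT shown in the `ssh -vvv` client log on this page
# (the same list is offered for both directions).
SERVER = {
    "ciphers": ("chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,"
                "aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,"
                "aes256-cbc,blowfish-cbc,arcfour256,arcfour128,3des-cbc"),
    "macs": ("umac-64-etm@openssh.com,umac-128-etm@openssh.com,"
             "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
             "hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,"
             "hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-md5-96"),
}
# HP-Client proposal: the server-log lines quoted in the post.
HP_CLIENT = {
    "ciphers ctos": "aes128-cbc,aes192-cbc,aes256-cbc,none,",
    "ciphers stoc": "aes128-cbc,aes192-cbc,aes256-cbc,none,",
    "MACs ctos": "hmac-md5,hmac-sha256,hmac-sha1,hmac-sha1-96,hmac-md5-96,none",
    "MACs stoc": "hmac-sha1,hmac-sha256,hmac-md5-96,hmac-sha1-96,hmac-md5,none",
}

def names(name_list):
    """Split an SSH name-list, dropping empty entries left by a trailing comma."""
    return [n for n in name_list.split(",") if n]

def negotiate(client_list, server_list):
    """First name on the client's list that the server also offers, else None."""
    offered = set(names(server_list))
    return next((n for n in names(client_list) if n in offered), None)

def unmatched(client_list, server_list):
    """Client names the server does not offer under exactly that spelling."""
    offered = set(names(server_list))
    return [n for n in names(client_list) if n not in offered]

def is_legacy(name):
    """Example policy (an assumption, not an OpenSSH rule) for flagging old algorithms."""
    return (name == "none" or name.endswith("-cbc") or name.startswith("arcfour")
            or "md5" in name or name.endswith("-96"))

def replay(client=HP_CLIENT, server=SERVER):
    """Per direction: the chosen algorithm, whether the policy flags it, and misses."""
    result = {}
    for slot, offer in client.items():
        server_list = server["ciphers" if slot.startswith("ciphers") else "macs"]
        chosen = negotiate(offer, server_list)
        result[slot] = {"chosen": chosen,
                        "legacy": chosen is not None and is_legacy(chosen),
                        "unmatched": unmatched(offer, server_list)}
    return result

if __name__ == "__main__":
    for slot, info in replay().items():
        print(slot, info)
```

Because the client's order wins, the two directions end up with different MACs here, and the client's `hmac-sha256` finds no partner because the server lists that algorithm as `hmac-sha2-256`.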
 

Errorsmith

Kompiliertier
Thread starter #7
Hi

Thanks for your help nonetheless. I also suspect that the newer SSH does something that the TC chokes on. I have not yet been able to find out what is "in" packet 91, since I don't know how to decrypt SSH. And even if I did, it probably wouldn't help either. I have since found out that the thin client is "lying" insofar as there is indeed a more recent version of this Teemtalk. On the subject of "non-standard" implementation: it definitely is one; among other things there is no way to confirm (or reject) the host key - if any verification takes place at all, the client ignores the result and does not store the key anywhere either.

Next I will try to wring the newer version out of HP.

Regards,
Errorsmith