[erlang-questions] sshd self connect problems

Alexander Petrovsky askjuise@REDACTED
Fri Oct 5 10:39:33 CEST 2018


Oh, you are absolutely right, the problem was in the user permissions. Thanks a
lot.

Fri, 5 Oct 2018 at 10:00, Hans Nilsson R <hans.r.nilsson@REDACTED>:

> Hi,
>
> 1) Are there host keys in /etc/ssh ?
> 2) Are the *private* keys in /etc/ssh and that directory readable by the
> user running erl ?
>
> Note that it is potentially dangerous to make the private keys world
> readable. I would recommend you to generate new host keys (ssh-keygen)
> in a separate directory readable only by the user running erlang.
>
> /Hans
>
> On 10/04/2018 11:13 PM, Alexander Petrovsky wrote:
> > Hello, I have a strange problem: when I run an ssh server and try to
> > connect to it from code on the same machine, I get an error:
> >
> > Selection of key exchange algorithm failed
> >
> > Server:
> >
> >> ssh:daemon(Port, [{system_dir, "/etc/ssh"},
> >>                   {subsystems, [wm_ssh_sftp_ext:subsystem_spec(),
> >>                                 ssh_sftpd:subsystem_spec([{cwd, _CWD = "/"}])]},
> >>                   {user_passwords, [{"user", "pass"}]}]).
> >
> >
> > Client:
> >
> >> Opts = [{user, "user"},
> >>              {password, "pass"},
> >>              {silently_accept_hosts, true}],
> >> ssh:connect(Node, Port, Opts, _Timeout = 5000).
> >
> >
> > When I capture ssh traffic I find out that the server doesn't suggest
> > `host_key_algorithms`
> >
> >>                 kex_algorithms length: 257
> >>                 kex_algorithms string [truncated]: ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-grou
> >>                 server_host_key_algorithms length: 0
> >>                 server_host_key_algorithms string: [Empty]
> >>                 encryption_algorithms_client_to_server length: 98
> >>                 encryption_algorithms_client_to_server string: aes256-gcm@REDACTED,aes256-ctr,aes192-ctr,aes128-gcm@REDACTED,aes128-ctr,aes128-cbc,3des-cbc
> >>                 encryption_algorithms_server_to_client length: 98
> >>                 encryption_algorithms_server_to_client string: aes256-gcm@REDACTED,aes256-ctr,aes192-ctr,aes128-gcm@REDACTED,aes128-ctr,aes128-cbc,3des-cbc
> >>                 mac_algorithms_client_to_server length: 37
> >>                 mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
> >>                 mac_algorithms_server_to_client length: 37
> >>                 mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
> >>                 compression_algorithms_client_to_server length: 26
> >>                 compression_algorithms_client_to_server string: none,zlib@REDACTED,zlib
> >>                 compression_algorithms_server_to_client length: 26
> >>                 compression_algorithms_server_to_client string: none,zlib@REDACTED,zlib
> >>                 languages_client_to_server length: 0
> >>                 languages_client_to_server string: [Empty]
> >>                 languages_server_to_client length: 0
> >>                 languages_server_to_client string: [Empty]
> >>                 First KEX Packet Follows: 0
> >>                 Reserved: 00000000
> >>             Padding String: 21850013139a828f718a
> >
> >
> > But the client has some values:
> >
> >>                 kex_algorithms length: 257
> >>                 kex_algorithms string [truncated]: ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-grou
> >>                 server_host_key_algorithms length: 101
> >>                 server_host_key_algorithms string: ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss
> >>                 encryption_algorithms_client_to_server length: 98
> >>                 encryption_algorithms_client_to_server string: aes256-gcm@REDACTED,aes256-ctr,aes192-ctr,aes128-gcm@REDACTED,aes128-ctr,aes128-cbc,3des-cbc
> >>                 encryption_algorithms_server_to_client length: 98
> >>                 encryption_algorithms_server_to_client string: aes256-gcm@REDACTED,aes256-ctr,aes192-ctr,aes128-gcm@REDACTED,aes128-ctr,aes128-cbc,3des-cbc
> >>                 mac_algorithms_client_to_server length: 37
> >>                 mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
> >>                 mac_algorithms_server_to_client length: 37
> >>                 mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha1
> >>                 compression_algorithms_client_to_server length: 26
> >>                 compression_algorithms_client_to_server string: none,zlib@REDACTED,zlib
> >>                 compression_algorithms_server_to_client length: 26
> >>                 compression_algorithms_server_to_client string: none,zlib@REDACTED,zlib
> >>                 languages_client_to_server length: 0
> >>                 languages_client_to_server string: [Empty]
> >>                 languages_server_to_client length: 0
> >>                 languages_server_to_client string: [Empty]
> >>                 First KEX Packet Follows: 0
> >>                 Reserved: 00000000
> >>             Padding String: 49945334a432cfa4a0371700f6
> >
> >
> > Could someone help me please resolve this problem?
> >
> >
> >
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
> >
>
-- 
Петровский Александр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
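
The fix Hans recommends in the quoted reply (new host keys in a separate directory readable only by the user running Erlang), as an added shell example that is not part of the original thread. The function names `make_system_dir` and `check_system_dir` are hypothetical, and the `-m PEM` option is an assumption made for compatibility with older OTP releases.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Create a host-key directory private to the current user (the one that
# will run erl) and generate RSA and ECDSA host keys in it, using the
# ssh_host_<type>_key file names found in /etc/ssh.
# Assumption: -m PEM (legacy private-key format) is used for
# compatibility with older OTP releases.
make_system_dir() {
    dir=$1
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        for t in rsa ecdsa; do
            [ -f "$dir/ssh_host_${t}_key" ] && continue
            ssh-keygen -q -m PEM -t "$t" -N '' \
                -f "$dir/ssh_host_${t}_key" || exit 1
        done
    )
}

# Succeed only if $1 contains at least one private host key readable by
# the current user, and neither the directory nor any private key grants
# permissions to group or others.
check_system_dir() {
    dir=$1
    found=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$dir" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $dir" >&2; return 1; }
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        [ -r "$key" ] ||
            { echo "$(id -un) cannot read $key" >&2; return 1; }
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            { echo "group/other can access $key" >&2; return 1; }
        found=1
    done
    [ "$found" -eq 1 ] || { echo "no host keys in $dir" >&2; return 1; }
}

# Usage: sh hostkeys.sh /path/to/dir  (run as the user that runs erl)
if [ "$#" -gt 0 ]; then
    make_system_dir "$1" && check_system_dir "$1"
fi
```

The resulting directory is what the daemon's `{system_dir, ...}` option would point at in place of `"/etc/ssh"`.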