[GTALUG] dh key exchange question.

Giles Orr gilesorr at gmail.com
Tue Oct 2 19:24:06 EDT 2018


On Tue, 2 Oct 2018 at 19:33, Karen Lewellen via talk <talk at gtalug.org>
wrote:

> Hi folks,
> The accessible ssh client I use provides a way to send dh keys when I use
> ssh TELNET to reach a location.
> I have a bell dsl account, and since the first of July I have not been
> able to reach dreamhost who hosts my office shell.
> While I have not ruled out Bell as the problem, it started one day when
> they claimed to have a service interruption, and refuse to discuss Linux
> at all, I want to see if something else might have happened.
> With very few exceptions, every place where I visit involving port 22
> presents the same dh key exchange failure.
> Was openssh updated on June 29 2018?
> Hosting companies who use some different Linux options for their shell
> services, Scientific for example, still work.  Shellworld does too, but we
> use a different port for ssh and the administrator still allows most
> public keys.
> Can anyone provide wisdom here?
> Thanks,
> Karen
>

Many technical answers have been given.  I would suggest starting with some
simple debugging.

    $ telnet dreamhost.com 22

These days, a lot of distros don't have 'telnet' installed because it's
considered insecure.  And they're not wrong - but it's also very useful for
debugging.  So install it if it's not available.  Then try the above
command line, which asks telnet to try to connect to dreamhost.com on port
22 (which is the standard SSH port).  (You should use whatever host name
you would normally SSH to, which may be "someotherhost.dreamhost.com.")
This is a connection that can't be completed, but it can still tell you
something.  If someone in between is blocking port 22 (most likely Bell,
but could be any intervening firewall possibly on your own machine or at
your office), this attempt will fail entirely.  If, however, port 22 is
available, you should see something like this:

    $ telnet dreamhost.com 22
    Trying 192.237.213.194...
    Connected to dreamhost.com.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.10

This means you can reach your desired host over port 22, and the problem is
something else (such as all the technical stuff that's already been
discussed).  I just think it's good to start here.

P.S. telnet has now left you stranded: as it suggests, hit Control-] (the
close square bracket) and then type 'quit' at the 'telnet>' prompt.

P.P.S. Looks like Dreamhost's main machine is using a very old version of
SSH ...  7.4 is current.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com
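
Added example, not part of the message above: the same port-22 check done with a short Python script that separates "attempt fails entirely" from "port reachable, SSH banner received" and splits the banner into its fields. The function names and status labels are choices made for this example, and the 'refused' and 'no-banner' cases go beyond what the message describes.

```python
import socket

def parse_ssh_banner(line):
    """Split an SSH identification string (RFC 4253, section 4.2) into
    (protocol, software, comment); return None if it is not one."""
    line = line.strip()
    ident, _, comment = line.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        return None
    return parts[1], parts[2], comment

def read_banner(sock, limit=4096):
    """Read until a complete line starting with 'SSH-' arrives; servers may
    send other text lines first. Returns the line, or None."""
    buf = b""
    try:
        while len(buf) < limit:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
            for line in buf.split(b"\n")[:-1]:  # complete lines only
                if line.startswith(b"SSH-"):
                    return line.decode("ascii", "replace").rstrip("\r")
    except socket.timeout:
        pass
    return None

def probe_ssh(host, port=22, timeout=5.0):
    """Return (status, detail). 'timeout'/'error' correspond to the attempt
    failing entirely; 'banner' means the port is reachable and SSH answered.
    'refused' and 'no-banner' are extra cases added for this example."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "connection actively refused"
    except socket.timeout:
        return "timeout", "no reply; traffic is probably being dropped"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        banner = read_banner(sock)
    if banner is None or parse_ssh_banner(banner) is None:
        return "no-banner", "connected, but no SSH identification line"
    return "banner", banner
```

Call `probe_ssh()` with whatever host name you would normally SSH to; a 'banner' result means the path on port 22 is open and the failure lies later, in the key exchange.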