[GTALUG] dh key exchange question.

Karen Lewellen klewellen at shellworld.net
Tue Oct 2 20:19:18 EDT 2018


Thanks for these suggestions, but I do not have a Linux box.  I use ssh
telnet to reach a Linux shell.
I have been debugging since late June, with others here at least letting
me know the problem may be due to locations removing access to my keys
as dreamhost has done.
Thanks though,
Karen



On Tue, 2 Oct 2018, Giles Orr wrote:

> On Tue, 2 Oct 2018 at 19:33, Karen Lewellen via talk <talk at gtalug.org>
> wrote:
>
>> Hi folks,
>> The accessible ssh client I use provides a way to send dh keys when I use
>> ssh TELNET to reach a location.
>> I have a bell dsl account, and since the first of July I have not been
>> able to reach dreamhost who hosts my office shell.
>> While I have not ruled out Bell as the problem, it started one day when
>> they claimed to have a service interruption, and refuse to discuss Linux
>> at all, I want to see if something else might have happened.
>> With very few exceptions, every place where I visit involving port 22
>> presents the same dh key exchange failure.
>> Was openssh updated on June 29 2018?
>> Hosting companies who use some different Linux options for their shell
>> services, scientific for example, still work.  Shellworld does too, but we
>> use a different port for ssh and the administrator still allows most
>> public keys.
>> Can anyone provide wisdom here?
>> Thanks,
>> Karen
>>
>
> Many technical answers have been given.  I would suggest starting with some
> simple debugging.
>
>     $ telnet dreamhost.com 22
>
> These days, a lot of distros don't have 'telnet' installed because it's
> considered insecure.  And they're not wrong - but it's also very useful for
> debugging.  So install it if it's not available.  Then try the above
> command line, which asks telnet to try to connect to dreamhost.com on port
> 22 (which is the standard SSH port).  (You should use whatever host name
> you would normally SSH to, which may be "someotherhost.dreamhost.com.")
> This is a connection that can't be completed, but it can still tell you
> something.  If someone in between is blocking port 22 (most likely Bell,
> but could be any intervening firewall possibly on your own machine or at
> your office), this attempt will fail entirely.  If, however, port 22 is
> available, you should see something like this:
>
>    $ telnet dreamhost.com 22
>    Trying 192.237.213.194...
>    Connected to dreamhost.com.
>    Escape character is '^]'.
>    SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.10
>
> This means you can reach your desired host over port 22, and the problem is
> something else (such as all the technical stuff that's already been
> discussed).  I just think it's good to start here.
>
> P.S. telnet has now left you stranded: as it suggests, hit Control-] (the
> close square bracket) and then type 'quit' at the 'telnet>' prompt.
>
> P.P.S. Looks like Dreamhost's main machine is using a very old version of
> SSH ...  7.4 is current.
>
> -- 
> Giles
> https://www.gilesorr.com/
> gilesorr at gmail.com
>
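
The port-22 check described in the quoted reply, as an added Python example that is not part of the original thread: it makes the same connection, reads the server's identification line, and reports whether the failure is in reaching the port or somewhere later. The names `parse_banner` and `probe_ssh` and the `localhost` target are assumptions made for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_banner(line):
    """Split an SSH identification string into fields; None if it is not one."""
    match = BANNER_RE.match(line.strip())
    return match.groupdict() if match else None

def probe_ssh(host, port=22, timeout=5.0):
    """Connect, read the identification string, and classify the outcome.

    Returns (status, fields); status is 'banner', 'no-banner', 'refused',
    'timeout' or 'error'. Anything but 'banner' points at the network path
    or the listener rather than at key exchange.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rb") as reader:
            for _ in range(20):             # servers may send lines before the banner
                raw = reader.readline(256)  # identification string is <= 255 bytes
                if not raw:                 # peer closed without identifying itself
                    break
                fields = parse_banner(raw.decode("ascii", "replace"))
                if fields:
                    return ("banner", fields)
            return ("no-banner", None)
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)
    except OSError as exc:                  # unreachable network, DNS failure, reset
        return ("error", str(exc))

if __name__ == "__main__":
    # The banner line from the telnet output quoted in the thread.
    print(parse_banner("SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.10\r\n"))
    # "localhost" is a placeholder; use the host you normally SSH to.
    print(probe_ssh("localhost", timeout=3.0))
```

A `banner` result corresponds to the telnet session that prints the `SSH-2.0-...` line; `refused` or `timeout` corresponds to the attempt that fails entirely.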

