Unable to connect SSH from HP-UX

ysafi · March 20, 2012, 2:11pm

Hi,

I'm trying to connect from an HP-UX with SSH2 client(ssh2 3.1.2 on hppa1.1-hp-hpux11.00) to an SSH2 server on a VxWorks system. The SSH connection is failing with the below connection logs:

> /usr/local/bin/ssh2 -v -l testuser 10.10.10.10
debug: Ssh2/ssh2.c:1391: Using file ``/etc/ssh2/license_ssh2.dat'' as license.
debug: SshLicense/sshlicense.c:144: 192 bytes (9 pairs) of attributes found.
debug: Ssh2/ssh2.c:1430: license: pki enabled = TRUE.
debug: SshAppCommon/sshappcommon.c:133: Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:2355: Unable to open /devapp_users/nsdtest/.ssh2/ssh2_config
debug: Connecting to 10.10.10.10, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2121: Entering event loop.
debug: Ssh2Client/sshclient.c:1403: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:83: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:83: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1444: Creating userauth protocol.
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:559: local ip = 192.168.100.100, local port = 61217
debug: Ssh2Common/sshcommon.c:561: remote ip = 10.10.10.10, remote port = 22
debug: SshConnection/sshconn.c:1930: Wrapping...
debug: Remote version: SSH-2.0-Mocana SSH
debug: Ssh2Transport/trcommon.c:1647: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1712: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1715: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: SshKeyFile/sshkeyfile.c:373: file /devapp_users/nsdtest/.ssh2/hostkeys/key_22_10.10.10.10.pub does not exist.
debug: SshKeyFile/sshkeyfile.c:373: file /etc/ssh2/hostkeys/key_22_10.10.10.10.pub does not exist.
Host key not found from database.
Key fingerprint:
xidin-volil-sicof-vokuz-novyf-calic-velam-hivem-nesoc-fyfus-zexex
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /devapp_users/nsdtest/.ssh2/hostkeys/key_22_10.10.10.10.pub
host key for 10.10.10.10, accepted by nsdtest Tue Mar 20 2012 13:28:35 +0400
debug: SshProtoTrKex/trkex.c:702: Signature didn't match.
debug: Ssh2Common/sshcommon.c:155: DISCONNECT received: Key exchange failed.
warning: Authentication failed.
debug: Ssh2/ssh2.c:130: locally_generated = TRUE
Disconnected; key exchange or algorithm negotiation failed (Key exchange failed.).
debug: Ssh2Client/sshclient.c:1478: Destroying client.
debug: SshConfig/sshconfig.c:555: Freeing pki. (host_pki != NULL, user_pki = NULL)
debug: SshConnection/sshconn.c:1982: Destroying SshConn object.
debug: Ssh2Client/sshclient.c:1540: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:88: Destroying authentication method array.
debug: SshAppCommon/sshappcommon.c:146: Freeing global SshRegex context.
debug: SshConfig/sshconfig.c:555: Freeing pki. (host_pki = NULL, user_pki = NULL)

I tried several connection options like "-o StrictHostKeyChecking=no" but always facing the same results. Note that I'm able to connect to the SSH server from all other Windows and Linux based clients. Please let me know what could be the issue here.

Thank you.

vbe · March 22, 2012, 5:07am

Are you using a HP ssh bundle or is it a "home" compilation?
Since you can connect to others (windows and linux) I would suspect more an compatibility issue server side Vxworks.. what about connections from WIN/linux to Vxworks?

ysafi · March 22, 2012, 6:29am

Thanks for your feedback.

Client is using HP SSH bundle.
I'm able to connect from Windows/Linux SSH clients to VxWorks but not from the HP-UX SSH client to VxWorks.

Thank you.

vbe · March 22, 2012, 11:10am

Do you have other HP boxes you can try to connect to VxWorks? or Solaris or AIX boxes... (the encryption on linux and window are quite similar, it is not the case of HP and the others might also differ) my idea is I read some time ago issues with "not quite compatible" keys because of the way it is generated and it may be that looking on HP site you may find a patch bundle for this purpose... If I have a bit of spare time I will try to do some investigations but I am a bit lost since HP changed all their sites I have been fighting for months to get back my access to support with no success.. (It was dead simple during ITRC times...).
could you tell me using swlist -l product what (version) ssh you are using? e.g.

 Secure_Shell          A.04.40.006    HP-UX Secure Shell 
  openssh               3.9p1          openssh        
  openssh               5.2p1          openssh        
  openssl               0.9.8k         openssl

ysafi · March 25, 2012, 3:02pm

Not able to try from other HP boxes at the moment, please find below swlist:
hp-ux#swlist -l product | grep ssh
SSH2 3.1.2 SSH Secure Shell

From the packet trace(attached) of the connection, it seems that the server is resetting the connection even before starting the SSH negotiation.

Thank you.