24 April 2023, 05:21 | #1 |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
Trying to get SSH working on Amiga
Hi all
I've been trying to get SSH working on my Amiga (MiSTer core) with AmigaOS 3.2 since I'd like to be able to control my devices from my Amiga. So far no luck. On the weekend I learnt about and set up GeekGadgets for an ixemul UNIX environment and that is working fine, but so far no luck with SSH.

I found this site which links some OpenSSH ports for Amiga: http://linuxmafia.com/ssh/amiga.html

The first thing I needed to do was download and install OpenSSL for Amiga (a requirement for OpenSSH), so I downloaded and installed openssl-bin version 0.9.7m from Aminet. With that done I then tried the OpenSSL ports from the site linked above.

I tried the first one and it crashes whenever ssh-keygen or ssh is run and simply said "EMT Trap". I tried the second one (needed to use the wayback machine to get it because it's no longer online). ssh-keygen works (took about 10 min to generate the keys but that's to be expected, this is just a 68020 with no FPU after all). When I tried then to connect to my MacBook with SSH, it returned with "no matching cipher found".

I feel I am so close to getting it working but I don't know how to fix this cipher issue. |
24 April 2023, 05:53 | #2 |
Registered User
Join Date: Jan 2015
Location: australia
Posts: 486
|
At a guess, the amiga ssh client only supports ssh-1, whereas your ssh server likely only supports ssh-2. I don't use mac, so I'm not much help.... this may be of use however https://unix.stackexchange.com/quest...-rejecting-cbc
|
24 April 2023, 06:21 | #3 |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
Thanks I'll try that. I think it does support SSH 2.0 though since the description on the website says "OpenSSH ported by Eric Chernoff. Requires the GeekGadgets ixemul and ixnet libraries. Client utilities. Open source under the BSD licence. ssh protocol 1.5 & 2.0." however there's nothing in the actual package readme that confirms this
|
24 April 2023, 08:01 | #4 | |
Registered User
Join Date: May 2021
Location: ZZ9 Plural Z Alpha
Posts: 124
|
Quote:
With regards to your problem, I would suggest getting the Bitvise SSH client, free for personal use, it gives you great and easy control over what cyphers are used for the keys and transport, been using it for years, now. Only problem is, it's Windows. I would be surprised if you couldn't get it working with that... |
|
24 April 2023, 11:30 | #5 | |
Registered User
Join Date: Jul 2014
Location: Finland
Posts: 1,178
|
Quote:
Possibly this client does support SSH protocol version 2, but doesn't offer an encryption mechanism that's safe enough in the modern world anymore. The OSX OpenSSH Server is configured to reject weak keys/algorithms/cyphers which is why you get this error. This might help a bit with finding what's missing: https://www.openssh.com/legacy.html You might be able to re-enable older cyphers in the sshd config, but the OSX build might not have support for them compiled in anymore......requiring you to rebuild sshd from source code... ...This is probably not helping much, bottom line, AmigaOS/68k as an ssh client is going to be painful and insecure for both client and server. |
|
24 April 2023, 17:42 | #6 | |
Registered User
Join Date: Aug 2018
Location: UK
Posts: 50
|
Quote:
|
|
25 April 2023, 07:11 | #7 |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
First of all I realised I had to regenerate my ssh keys because this ssh-keygen by default seems to generate keys for SSHv1 instead of v2. I regenerated v2 keys with:
Code:
ssh-keygen -t rsa
Code:
Ciphers +aes128-cbc
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
Code:
dispatch_protocol_error: type 80 plen 602 |
25 April 2023, 07:54 | #8 |
Registered User
Join Date: Jan 2015
Location: australia
Posts: 486
|
Closer.... exactly which ssh client are you using on the Amiga side? (link to archive)
|
25 April 2023, 15:35 | #10 |
Registered User
Join Date: Jul 2014
Location: Finland
Posts: 1,178
|
Could you do a verbose connection and dump the log here?: `ssh -v $dest`
|
25 April 2023, 15:59 | #11 |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
haha an easy way to get this log output to paste in this post for you was to use rsh to perform the ssh -v command on my amiga from my MacBook.
Here it is:
Code:
9.SYS:> ssh -v cameron@192.168.1.46
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 65534 geteuid 65534 anon 1
debug1: Connecting to 192.168.1.46 [192.168.1.46] port 22.
debug1: temporarily_use_uid: -2/-2 (e=65534)
debug1: restore_uid
debug1: temporarily_use_uid: -2/-2 (e=65534)
debug1: restore_uid
debug1: Connection established.
debug1: identity file T:/.ssh/identity type -1
debug1: identity file T:/.ssh/id_rsa type -1
debug1: identity file T:/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: match: OpenSSH_9.0 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: dh_gen_key: priv key bits set: 157/320
debug1: bits set: 492/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
The authenticity of host '192.168.1.46 (192.168.1.46)' can't be established.
RSA key fingerprint is 88:3e:cd:e8:7a:03:07:80:81:58:7f:e9:f2:60:1c:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.46' (RSA) to the list of known hosts.
debug1: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: T:/.ssh/identity
debug1: try privkey: T:/.ssh/id_rsa
debug1: try privkey: T:/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
Password:
Code:
debug1: packet_send2: adding 32 (len 24 padlen 8 extra_pad 64)
debug1: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: ssh-userauth2 successful: method keyboard-interactive
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
dispatch_protocol_error: type 80 plen 602
debug1: Calling cleanup 0x4065e966(0x0)
debug1: Calling cleanup 0x406678b4(0x0)
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Calling cleanup 0x40672a3e(0x0) |
26 April 2023, 01:20 | #12 |
Registered User
Join Date: Jan 2015
Location: australia
Posts: 486
|
I was going to ask for the same log, however, not using this method ...it may be more insightful to stop sshd, restart it in debug mode, and then check the log on the server side, and/or upload said log to pastebin or similar.
|
28 April 2023, 14:05 | #13 |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
Here is the output of sshd in debug mode
Code:
? repos sudo /usr/sbin/sshd -d -p 8888
Password:
debug1: sshd version OpenSSH_9.0, LibreSSL 3.3.6
debug1: private host key #0: ssh-rsa SHA256:78Z0SVAOt+uDbtKw9ExBz5im2z0zVDCFnb8l7t9iIbU
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:wDf1Qmg4WxtCybJLbdHQycvGUZbY6Pi6Dgs3tcUea2s
debug1: private host key #2: ssh-ed25519 SHA256:ZRfQk+olT8I2sMfJOrX7lLGmz/jJLBdhBjPVsqPtxl8
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='8888'
debug1: Bind to port 8888 on ::.
Server listening on :: port 8888.
debug1: Bind to port 8888 on 0.0.0.0.
Server listening on 0.0.0.0 port 8888.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: sshd version OpenSSH_9.0, LibreSSL 3.3.6
debug1: private host key #0: ssh-rsa SHA256:78Z0SVAOt+uDbtKw9ExBz5im2z0zVDCFnb8l7t9iIbU
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:wDf1Qmg4WxtCybJLbdHQycvGUZbY6Pi6Dgs3tcUea2s
debug1: private host key #2: ssh-ed25519 SHA256:ZRfQk+olT8I2sMfJOrX7lLGmz/jJLBdhBjPVsqPtxl8
debug1: inetd sockets after dupping: 5, 5
Connection from 192.168.1.254 port 1024 on 192.168.1.46 port 8888
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.0.2p1
debug1: compat_banner: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1* compat 0x01200002
debug1: permanently_set_uid: 75/75 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: diffie-hellman-group1-sha1 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none [preauth]
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user cameron service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "cameron"
debug1: PAM: setting PAM_RHOST to "192.168.1.254"
debug1: userauth-request for user cameron service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: user=cameron devs= [preauth]
debug1: kbdint_alloc: devices 'pam' [preauth]
debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for cameron from 192.168.1.254 port 1024 ssh2 [preauth]
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 4
Postponed keyboard-interactive/pam for cameron from 192.168.1.254 port 1024 ssh2 [preauth]
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for cameron from 192.168.1.254 port 1024 ssh2
debug1: monitor_child_preauth: user cameron authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 53149
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 501/20
debug1: rekey in after 4294967296 blocks
debug1: rekey out after 4294967296 blocks
debug1: ssh_packet_set_postauth: called
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
Connection closed by 192.168.1.254 port 1024
debug1: channel 0: free: server-session, nchannels 1
Close session: user cameron from 192.168.1.254 port 1024 id 0
debug1: do_cleanup
Transferred: sent 2960, received 1128 bytes
Closing connection to 192.168.1.254 port 1024
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials |
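Added example, not part of the original post: once legacy algorithms have been re-enabled on a server as described earlier in the thread, the same `sshd -d` lines can be audited to see which connections actually negotiate them. The `LEGACY` set is an assumption taken from the three `sshd_config` additions in post #7, and the second session in the sample is constructed for contrast.

```python
import re

# Algorithms the thread re-enabled in sshd_config for the old client
# (assumption: treat exactly these three as "legacy" for this audit).
LEGACY = {"aes128-cbc", "diffie-hellman-group1-sha1", "ssh-rsa"}

PEER = re.compile(r"Connection from (\S+) port \d+")
FIELDS = [
    ("kex", re.compile(r"kex: algorithm: (\S+)")),
    ("hostkey", re.compile(r"kex: host key algorithm: (\S+)")),
    ("cipher_c2s", re.compile(r"kex: client->server cipher: (\S+)")),
    ("cipher_s2c", re.compile(r"kex: server->client cipher: (\S+)")),
]

# First session: lines copied from the sshd -d output in the thread.
# Second session: constructed for contrast (documentation address range).
SAMPLE_LOG = """\
Connection from 192.168.1.254 port 1024 on 192.168.1.46 port 8888
debug1: kex: algorithm: diffie-hellman-group1-sha1 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none [preauth]
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none [preauth]
Connection from 192.0.2.10 port 50000 on 192.0.2.1 port 22
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
""".splitlines()


def audit(lines):
    """Group negotiated algorithms per connection and list the legacy ones."""
    sessions = []
    for line in lines:
        peer = PEER.search(line)
        if peer:
            sessions.append({"peer": peer.group(1), "negotiated": {}})
            continue
        if not sessions:
            continue  # negotiation line seen before any connection banner
        for field, pattern in FIELDS:
            m = pattern.search(line)
            if m:
                sessions[-1]["negotiated"][field] = m.group(1)
    for s in sessions:
        s["legacy"] = sorted(set(s["negotiated"].values()) & LEGACY)
    return sessions


if __name__ == "__main__":
    for s in audit(SAMPLE_LOG):
        print(s["peer"], "legacy:", s["legacy"] or "none")
```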
29 April 2023, 02:28 | #14 |
Registered User
Join Date: Jan 2015
Location: australia
Posts: 486
|
So it negotiated auth okay, opened a connection, and the amiga ssh client bailed.
Try a different client ...ie; http://prdownloads.sourceforge.net/a...2.lha?download |
29 April 2023, 05:38 | #15 | |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
Quote:
|
|
30 April 2023, 06:07 | #16 |
Registered User
Join Date: Jan 2015
Location: australia
Posts: 486
|
Odd....that was supposed to run on OS3.2 ...
The only client I can find that's 'current' (still active project) is -> https://github.com/jens-maus/amissl/releases That would be a better client to focus on here, just because it's active, current ...with full source code available etc etc... |
30 April 2023, 10:25 | #17 |
Registered User
Join Date: Jul 2014
Location: Finland
Posts: 1,178
|
I did a bit of code surfing in the OpenSSH codebase, ...but if I'm honest, I'm not super confident.
But I suspect this is a protocol mismatch between modern SSHv2 and this 20 year old one. `dispatch_protocol_error: type 80 plen 602` -> 80 is SSH2_MSG_GLOBAL_REQUEST. 3.0.2 only seems to implement opening TCP forwarding on this request type, while modern SSH servers also issue Keep-alives etc. on this, and without investigating actual wireshark dumps I fear the SSHD issued some incompatible event that the client barfs at. But it's a bit hard to figure out codebase differences between 22 years in a rather complex code base I have never looked at before, sorry! |
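Added example, not part of the original post and not OpenSSH's code: a small model of the two ways a peer can treat message type 80. `strict_dispatch` models a table-only dispatcher that treats any unregistered type as fatal, which is what the `dispatch_protocol_error` line suggests; `tolerant_dispatch` follows RFC 4254 section 4, where an unrecognised global request is answered with SSH_MSG_REQUEST_FAILURE only if `want_reply` is set. All function names and the sample payloads are constructed.

```python
import struct

SSH_MSG_GLOBAL_REQUEST = 80   # message numbers from RFC 4254
SSH_MSG_REQUEST_FAILURE = 82


def read_string(buf, off):
    """Read an RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of payload")
    return buf[off + 4:end], end


def strict_dispatch(payload, handlers):
    """Table-only dispatch: a type with no handler ends the connection."""
    msg_type = payload[0]
    if msg_type not in handlers:
        raise ConnectionError(f"protocol error: unhandled type {msg_type}")
    return handlers[msg_type](payload)


def handle_global_request(payload):
    """Refuse an unknown global request without tearing the session down."""
    _name, off = read_string(payload, 1)
    if off >= len(payload):
        raise ValueError("missing want_reply flag")
    want_reply = payload[off] != 0
    # Reply only when asked; otherwise the request is silently ignored.
    return bytes([SSH_MSG_REQUEST_FAILURE]) if want_reply else None


def tolerant_dispatch(payload, handlers):
    """Same table, plus a default handler for SSH_MSG_GLOBAL_REQUEST."""
    table = {SSH_MSG_GLOBAL_REQUEST: handle_global_request, **handlers}
    return strict_dispatch(payload, table)


def make_global_request(name, want_reply, data=b""):
    """Build a constructed SSH_MSG_GLOBAL_REQUEST payload for the demo."""
    return (bytes([SSH_MSG_GLOBAL_REQUEST]) + struct.pack(">I", len(name))
            + name + bytes([want_reply]) + data)


if __name__ == "__main__":
    keepalive = make_global_request(b"keepalive@openssh.com", True)
    print("tolerant reply:", tolerant_dispatch(keepalive, {}))
    try:
        strict_dispatch(keepalive, {})
    except ConnectionError as exc:
        print("strict:", exc)
```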
30 April 2023, 10:29 | #18 |
Registered User
Join Date: Jul 2014
Location: Finland
Posts: 1,178
|
Wanting to validate this...
I just tried to build 3.0.2 on modern Debian....Which fails due to some bitrotten Perl support scripts.... Let's fix those.... |
30 April 2023, 14:05 | #19 | |
Registered User
Join Date: Apr 2016
Location: Perth, Australia
Posts: 386
|
Quote:
|
|
30 April 2023, 17:32 | #20 |
Registered User
Join Date: Jul 2014
Location: Finland
Posts: 1,178
|
@NightFox
I got the exact equivalent of this Amiga port to build on GNU/Linux, and have somewhat predictably ended up in the same situation. Played a bit with configuration, but it just errors out in the event dispatch code, this really isn't going to work against a modern sshd. |