=== sraue_ is now known as sraue | ||
Kalidarn | there was an ssh update recently wasn't there? | 06:35 |
---|---|---|
Kalidarn | for some strange reason I cannot ssh into any of my cisco routers anymore with the ssh client on ubuntu | 06:37 |
Kalidarn | after this update: openssh-client: amd64 (6.6p1-1, 6.6p1-2) | 06:37 |
Kalidarn | works with putty but i get connection refused with regular openssh | 06:37 |
Kalidarn | i've narrowed it that it must be the ssh client, because it works from other machines, and works from the same machine if i use putty | 06:40 |
Kalidarn | http://paste.ubuntu.com/7211115/ | 06:40 |
Kalidarn | and i know it used to work until very recently. | 06:40 |
Kalidarn | seems to shut straight after debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP | 06:42 |
Kalidarn | whereas on my other machine this happens | 06:43 |
Kalidarn | debug2: dh_gen_key: priv key bits set: 143/256 | 06:43 |
Kalidarn | debug2: bits set: 512/1024 | 06:43 |
Kalidarn | debug1: SSH2_MSG_KEX_DH_GEX_INIT sent | 06:43 |
Kalidarn | debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY | 06:43 |
slangasek | Kalidarn: "connection refused" is pretty definitively not a bug in the ssh client | 06:43 |
Kalidarn | yeah but if it's because some sort of feature is unavailable that it wants maybe the remote host is refusing | 06:44 |
slangasek | and the only difference between 6.6p1-1 and 6.6p1-2 was a server configuration change | 06:44 |
Kalidarn | doesn't explain why it works on exactly the same machine with putty instead :P | 06:44 |
slangasek | no, you said "connection refused". "Connection refused" means a failure at the tcp level | 06:44 |
Kalidarn | which means it's not an ACL | 06:44 |
Kalidarn | also ssh to other things work | 06:45 |
Kalidarn | eg ssh into a freebsd or linux server | 06:45 |
slangasek | well, I don't know why you're having problems, but it's not related to the upgrade from 6.6p1-1 to 6.6p1-2 | 06:46 |
Kalidarn | hmm. | 06:46 |
Kalidarn | and initially i would have agreed and thought sure could be tcp issue something blocking it | 06:46 |
Kalidarn | but that does not explain why it works with putty on exactly the same system | 06:46 |
Kalidarn | to the same remote host | 06:46 |
slangasek | anyway, your pastebin shows it's not actually getting connection refused; it is getting past the initial negotiation, then the server is hanging up | 06:47 |
Kalidarn | yes which is why i'm rather confused | 06:47 |
Kalidarn | doesn't seem to like me connecting with openssh | 06:47 |
Kalidarn | from this machine | 06:47 |
Kalidarn | works with 6.2p2 from the mac | 06:47 |
slangasek | if it worked with 6.6p1-1, then something's changed on your server | 06:47 |
slangasek | and you'll need to debug it there | 06:47 |
Kalidarn | i reloaded the configuration file so nothign has changed there | 06:48 |
Kalidarn | so nothing has changed there | 06:48 |
slangasek | you can always try downgrading the client using the links on https://launchpad.net/ubuntu/+source/openssh/+publishinghistory to verify the last version of the client (if any) that works | 06:48 |
Kalidarn | i only seem to recall it being an issue today | 06:49 |
Kalidarn | i have a trusty vm so ill try it in that | 06:49 |
Kalidarn | (the downgrade) that is | 06:49 |
slangasek | the diff between 6.6p1-1 and 6.6p1-2 is absolutely trivial and unrelated, so if downgrading that fixes it, then we're looking at a miscompilation somewhere | 06:49 |
Kalidarn | that's what i'm starting to think | 06:49 |
Kalidarn | cos a network related issue makes no sense if it works in putty | 06:49 |
Kalidarn | my originating address would be exactly the same | 06:50 |
Kalidarn | that cisco router does have an ACL that only allows certain local IP addresses to connect (but my local IP has not changed) | 06:50 |
Kalidarn | and as i said I ruled that out by using a different client | 06:50 |
Kalidarn | is there any way of grabbing the older deb file from that page slangasek? | 06:51 |
slangasek | yes, you browse the links to the version you want to download | 06:51 |
Kalidarn | ah here we are. | 06:53 |
Kalidarn | okay so as to be expected that made no difference. | 06:56 |
Kalidarn | although it is quite well possible i have not tried since installing trusty | 06:56 |
* slangasek nods | 06:57 | |
Kalidarn | ill try booting a 13.10 vm | 06:57 |
slangasek | there's a RH bug report about newer openssh (6.3 and later) failing to talk to ciscos: https://bugzilla.redhat.com/show_bug.cgi?id=1026430 | 06:57 |
ubottu | bugzilla.redhat.com bug 1026430 in openssh "OpenSSH can no longer connect to Cisco routers/switches" [Unspecified,Assigned] | 06:57 |
slangasek | there are some hints there about how to work around it with client options | 06:57 |
Kalidarn | oh :) | 06:57 |
Kalidarn | the description does sound relevant | 06:58 |
slangasek | (found by searching for '"debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP" cisco', fwiw) | 06:58 |
slangasek | if that turns out to be the problem, please file a bug against the openssh package in Ubuntu, referencing that one | 06:58 |
Kalidarn | yeah | 06:58 |
Kalidarn | slangasek: and i can confirm it works in 13.10 | 07:02 |
Kalidarn | i think it might already be lodged as a bug | 07:03 |
Kalidarn | https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1287222 | 07:03 |
ubottu | Launchpad bug 1287222 in openssh (Ubuntu) "openssh-client 6.5 regression bug with certain servers" [High,New] | 07:03 |
Kalidarn | and yes doing that solution works slangasek | 07:08 |
=== ktosiek_ is now known as ktosiek | ||
cjwatson | slangasek,Kalidarn: I would say if there are workarounds then we should leave it at that. I'm not at all keen on weakening the OpenSSH client's defaults due to bugs in embedded servers | 09:03 |
cjwatson | (well, modulo documentation perhaps) | 09:04 |
slangasek | cjwatson: fwiw the workaround in the RH bug indicates that you can /strengthen/ the defaults for the same result | 09:04 |
slangasek | (i.e., it's an issue with a buffer limit on the server for kex options, so dropping the weakest solves the problem fine) | 09:04 |
cjwatson | upstream's welcome to do that, but similarly this is in the class of things I Do Not Mess With in packaging | 09:04 |
* slangasek nods | 09:05 | |
cjwatson | (because doing that means potentially dropping support for other systems and I don't want that to be on my head ... it's a domino trail) | 09:05 |
Kalidarn | cjwatson: yeah I just wrote a shell script that i run | 09:26 |
Kalidarn | sshCisco.sh user@host | 09:27 |
Kalidarn | for cisco stuff | 09:27 |
Kalidarn | calls ssh with the necessary options | 09:27 |
Kalidarn | hopefully people who start using buntu 14.04 know what is up :P | 09:28 |
doko_ | kirkland, I see your name in a not uploaded facter-plugins tarball. can this package please be removed altogether? | 12:50 |
doko_ | Riddell, shadeslayer_ : please merge the changes from korundum 4:4.11.3-2, we need to remove ruby1.8 in trusty | 14:39 |
doko_ | https://bugs.launchpad.net/ubuntu/+source/korundum/+bug/1303366 | 14:42 |
ubottu | Launchpad bug 1303366 in korundum (Ubuntu Trusty) "korundum needs to remove the ruby1.8 dependencies for trusty" [High,Confirmed] | 14:42 |
=== doko_ is now known as doko | ||
doko | geser, libaspectr (0.3.5-3ubuntu2) hardy ... removing now .. | 17:27 |
Logan_ | I like how tty1 keeps logging me out as soon as I log in | 20:10 |
doko | Riddell, ScottK, shadeslayer_: it's really bad if you never sync the debian packaging in packages where you are always ahead of debian ... | 20:24 |
=== Zic_ is now known as Guest68868 | ||
psusi | cjwatson_, looks like there's another bug in parted I caused by backporting the loop fixes... I called the fat and ntfs probe code from the msdos label probe code because they can be confused with an msdos mbr.. but I think the old code there can't handle !512 byte sector sizes | 20:53 |
ScottK | doko: We do periodically. I'll take a look at it tonight or tomorrow if no one else does. | 22:01 |
doko | in this case the period seems to be >= 3 years ;p | 22:09 |
ScottK | Their Korundum/Qtruby packages were made from ours, so debian/changelog doesn't tell all. | 22:15 |
=== Guest68868 is now known as Zic | ||
lamont | The following packages have been kept back: | 23:59 |
lamont | libdb-dev | 23:59 |
lamont | saucy->trusty upgrade didn't get rid of it, and it's still being held back... I wonder if we care? | 23:59 |