=== sraue_ is now known as sraue
[06:35] <Kalidarn> there was an ssh update recently wasn't there?
[06:37] <Kalidarn> for some strange reason I cannot ssh into any of my cisco routers anymore with the ssh client on ubuntu
[06:37] <Kalidarn> after this update: openssh-client:    amd64 (6.6p1-1, 6.6p1-2)
[06:37] <Kalidarn> works with putty but i get connection refused with regular openssh
[06:40] <Kalidarn> i've narrowed it that it must be the ssh client, because it works from other machines, and works from the same machine if i use putty
[06:40] <Kalidarn> http://paste.ubuntu.com/7211115/
[06:40] <Kalidarn> and i know it used to work until very recently.
[06:42] <Kalidarn> seems to shut straight after debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
[06:43] <Kalidarn> where as on my other machine this happens
[06:43] <Kalidarn> debug2: dh_gen_key: priv key bits set: 143/256
[06:43] <Kalidarn> debug2: bits set: 512/1024
[06:43] <Kalidarn> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
[06:43] <Kalidarn> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
[06:43] <slangasek> Kalidarn: "connection refused" is pretty definitively not a bug in the ssh client
[06:44] <Kalidarn> yeah but if it's because some sort of feature is unavailable that it wants maybe the remote host is refusing
[06:44] <slangasek> and the only difference between 6.6p1-1 and 6.6p1-2 was a server configuration change
[06:44] <Kalidarn> doesn't explain why it works on exactly the same machine with putty instead :P
[06:44] <slangasek> no, you said "connection refused".  "Connection refused" means a failure at the tcp level
[06:44] <Kalidarn> which means it's not an ACL
[06:45] <Kalidarn> also ssh to other things work
[06:45] <Kalidarn> eg ssh into a freebsd or linux server
[06:46] <slangasek> well, I don't know why you're having problems, but it's not related to the upgrade from 6.6p1-1 to 6.6p1-2
[06:46] <Kalidarn> hmm.
[06:46] <Kalidarn> and initially i would have agreed and thought sure could be tcp issue something blocking it
[06:46] <Kalidarn> but that does not explain why it works with putty on exactly the same system
[06:46] <Kalidarn> to the same remote host
[06:47] <slangasek> anyway, your pastebin shows it's not actually getting connection refused; it is getting past the initial negotiation, then the server is hanging up
[06:47] <Kalidarn> yes which is why i'm rather confused
[06:47] <Kalidarn> doesn't seem to like me connecting with openssh
[06:47] <Kalidarn> from this machine
[06:47] <Kalidarn> works with 6.2p2 from the mac
[06:47] <slangasek> if it worked with 6.6p1-1, then something's changed on your server
[06:47] <slangasek> and you'll need to debug it there
[06:48] <Kalidarn> i reloaded the configuration file so nothign has changed there
[06:48] <Kalidarn> so nothing has changed there
[06:48] <slangasek> you can always try downgrading the client using the links on https://launchpad.net/ubuntu/+source/openssh/+publishinghistory to verify the last version of the client (if any) that works
[06:49] <Kalidarn> i only seem to recall it being an issue today
[06:49] <Kalidarn> i have a trusty vm so ill try it in that
[06:49] <Kalidarn> (the downgrade) that is
[06:49] <slangasek> the diff between 6.6p1-1 and 6.6p1-2 is absolutely trivial and unrelated, so if downgrading that fixes it, then we're looking at a miscompilation somewhere
[06:49] <Kalidarn> that's what i'm starting to think
[06:49] <Kalidarn> cos a network related issue makes no sense if it works in putty
[06:50] <Kalidarn> my originating address would be exactly the same
[06:50] <Kalidarn> that cisco router does have an ACL that only allows certain local IP addresses to connect (but my local IP has not changed)
[06:50] <Kalidarn> and as i said I ruled that out by using a different client
[06:51] <Kalidarn> is there any way of grabbing the older deb file from that page slangasek?
[06:51] <slangasek> yes, you browse the links to the version you want to download
[06:53] <Kalidarn> ah here we are.
[06:56] <Kalidarn> okay so as to be expected that made no difference.e
[06:56] <Kalidarn> although it is quite well possible i have not tried since installing trusty
[06:57]  * slangasek nods
[06:57] <Kalidarn> ill try booting a 13.10 vm
[06:57] <slangasek> there's a RH bug report about newer openssh (6.3 and later) failing to talk to ciscos: https://bugzilla.redhat.com/show_bug.cgi?id=1026430
[06:57] <ubottu> bugzilla.redhat.com bug 1026430 in openssh "OpenSSH can no longer connect to Cisco routers/switches" [Unspecified,Assigned]
[06:57] <slangasek> there are some hints there about how to work around it with client options
[06:57] <Kalidarn> oh :)
[06:58] <Kalidarn> the description does sound relvant
[06:58] <slangasek> (found by searching for '"debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP" cisco', fwiw)
[06:58] <slangasek> if that turns out to be the problem, please file a bug against the openssh package in Ubuntu, referencing that one
[06:58] <Kalidarn> yeah
[07:02] <Kalidarn> slangasek: and i can confirm it works in 13.10
[07:03] <Kalidarn> i think it might already be lodged as a bug
[07:03] <Kalidarn> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1287222
[07:03] <ubottu> Launchpad bug 1287222 in openssh (Ubuntu) "openssh-client 6.5 regression bug with certain servers" [High,New]
[07:08] <Kalidarn> and yes doing that solution works slangasek
=== ktosiek_ is now known as ktosiek
[09:03] <cjwatson> slangasek,Kalidarn: I would say if there are workarounds then we should leave it at that.  I'm not at all keen on weakening the OpenSSH client's defaults due to bugs in embedded servers
[09:04] <cjwatson> (well, modulo documentation perhaps)
[09:04] <slangasek> cjwatson: fwiw the workaround in the RH bug indicates that you can /strengthen/ the defaults for the same result
[09:04] <slangasek> (i.e., it's an issue with a buffer limit on the server for kex options, so dropping the weakest solves the problem fine)
[09:04] <cjwatson> upstream's welcome to do that, but similarly this is in the class of things I Do Not Mess With in packaging
[09:05]  * slangasek nods
[09:05] <cjwatson> (because doing that means potentially dropping support for other systems and I don't want that to be on my head ... it's a domino trail)
[09:26] <Kalidarn> cjwatson: yeah I just wrote a shell script that i run
[09:27] <Kalidarn> sshCisco.sh user@host
[09:27] <Kalidarn> for cisco stuff
[09:27] <Kalidarn> calls ssh with the necessary options
[09:28] <Kalidarn> hopefully people who start using buntu 14.04 know what is up :P
[12:50] <doko_> kirkland, I see your name in a not uploaded facter-plugins tarball. can this package please removed alltogether?
[14:39] <doko_> Riddell, shadeslayer_ : please merge the changes from korundum 4:4.11.3-2, we need to remove ruby1.8 in trusty
[14:42] <doko_> https://bugs.launchpad.net/ubuntu/+source/korundum/+bug/1303366
[14:42] <ubottu> Launchpad bug 1303366 in korundum (Ubuntu Trusty) "korundum needs to remove the ruby1.8 dependencies for trusty" [High,Confirmed]
=== doko_ is now known as doko
[17:27] <doko> geser, libaspectr (0.3.5-3ubuntu2) hardy ... removing now ..
[20:10] <Logan_> I like how tty1 keeps logging me out as soon as I log in
[20:24] <doko> Riddell, ScottK, shadeslayer_: it's really bad if you never sync the debian packaging in packages where you are always ahead of debian ...
=== Zic_ is now known as Guest68868
[20:53] <psusi> cjwatson_, looks like there's another bug in parted I caused by backporting the loop fixes... I called the fat and ntfs probe code from the msdos label probe code because they can be confused with an msdos mbr.. but I think the old code there can't handle !512 byte sector sizes
[22:01] <ScottK> doko: We do periodically.  I'll take a look at it tonight or tomorrow if no one else does.
[22:09] <doko> in this case the period seems to be >= 3 years ;p
[22:15] <ScottK> Their Korundum/Qtruby packages were made from ours, so debian/changelog doesn't tell all.
=== Guest68868 is now known as Zic
[23:59] <lamont> The following packages have been kept back:
[23:59] <lamont>   libdb-dev
[23:59] <lamont> saucy->trusty upgrade didn't get rid of it, and it's still being held back...  I wonder if we care?