=== sraue_ is now known as sraue [06:35] there was an ssh update recently wasn't there? [06:37] for some strange reason I cannot ssh into any of my cisco routers anymore with the ssh client on ubuntu [06:37] after this update: openssh-client: amd64 (6.6p1-1, 6.6p1-2) [06:37] works with putty but i get connection refused with regular openssh [06:40] i've narrowed it that it must be the ssh client, because it works from other machines, and works from the same machine if i use putty [06:40] http://paste.ubuntu.com/7211115/ [06:40] and i know it used to work until very recently. [06:42] seems to shut straight after debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP [06:43] where as on my other machine this happens [06:43] debug2: dh_gen_key: priv key bits set: 143/256 [06:43] debug2: bits set: 512/1024 [06:43] debug1: SSH2_MSG_KEX_DH_GEX_INIT sent [06:43] debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY [06:43] Kalidarn: "connection refused" is pretty definitively not a bug in the ssh client [06:44] yeah but if it's because some sort of feature is unavailable that it wants maybe the remote host is refusing [06:44] and the only difference between 6.6p1-1 and 6.6p1-2 was a server configuration change [06:44] doesn't explain why it works on exactly the same machine with putty instead :P [06:44] no, you said "connection refused". "Connection refused" means a failure at the tcp level [06:44] which means it's not an ACL [06:45] also ssh to other things work [06:45] eg ssh into a freebsd or linux server [06:46] well, I don't know why you're having problems, but it's not related to the upgrade from 6.6p1-1 to 6.6p1-2 [06:46] hmm. [06:46] and initially i would have agreed and thought sure could be tcp issue something blocking it [06:46] but that does not explain why it works with putty on exactly the same system [06:46] to the same remote host [06:47] anyway, your pastebin shows it's not actually getting connection refused; it is getting past the initial negotiation, then the server is hanging up [06:47] yes which is why i'm rather confused [06:47] doesn't seem to like me connecting with openssh [06:47] from this machine [06:47] works with 6.2p2 from the mac [06:47] if it worked with 6.6p1-1, then something's changed on your server [06:47] and you'll need to debug it there [06:48] i reloaded the configuration file so nothign has changed there [06:48] so nothing has changed there [06:48] you can always try downgrading the client using the links on https://launchpad.net/ubuntu/+source/openssh/+publishinghistory to verify the last version of the client (if any) that works [06:49] i only seem to recall it being an issue today [06:49] i have a trusty vm so ill try it in that [06:49] (the downgrade) that is [06:49] the diff between 6.6p1-1 and 6.6p1-2 is absolutely trivial and unrelated, so if downgrading that fixes it, then we're looking at a miscompilation somewhere [06:49] that's what i'm starting to think [06:49] cos a network related issue makes no sense if it works in putty [06:50] my originating address would be exactly the same [06:50] that cisco router does have an ACL that only allows certain local IP addresses to connect (but my local IP has not changed) [06:50] and as i said I ruled that out by using a different client [06:51] is there any way of grabbing the older deb file from that page slangasek? [06:51] yes, you browse the links to the version you want to download [06:53] ah here we are. [06:56] okay so as to be expected that made no difference.e [06:56] although it is quite well possible i have not tried since installing trusty [06:57] * slangasek nods [06:57] ill try booting a 13.10 vm [06:57] there's a RH bug report about newer openssh (6.3 and later) failing to talk to ciscos: https://bugzilla.redhat.com/show_bug.cgi?id=1026430 [06:57] bugzilla.redhat.com bug 1026430 in openssh "OpenSSH can no longer connect to Cisco routers/switches" [Unspecified,Assigned] [06:57] there are some hints there about how to work around it with client options [06:57] oh :) [06:58] the description does sound relvant [06:58] (found by searching for '"debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP" cisco', fwiw) [06:58] if that turns out to be the problem, please file a bug against the openssh package in Ubuntu, referencing that one [06:58] yeah [07:02] slangasek: and i can confirm it works in 13.10 [07:03] i think it might already be lodged as a bug [07:03] https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1287222 [07:03] Launchpad bug 1287222 in openssh (Ubuntu) "openssh-client 6.5 regression bug with certain servers" [High,New] [07:08] and yes doing that solution works slangasek === ktosiek_ is now known as ktosiek [09:03] slangasek,Kalidarn: I would say if there are workarounds then we should leave it at that. I'm not at all keen on weakening the OpenSSH client's defaults due to bugs in embedded servers [09:04] (well, modulo documentation perhaps) [09:04] cjwatson: fwiw the workaround in the RH bug indicates that you can /strengthen/ the defaults for the same result [09:04] (i.e., it's an issue with a buffer limit on the server for kex options, so dropping the weakest solves the problem fine) [09:04] upstream's welcome to do that, but similarly this is in the class of things I Do Not Mess With in packaging [09:05] * slangasek nods [09:05] (because doing that means potentially dropping support for other systems and I don't want that to be on my head ... it's a domino trail) [09:26] cjwatson: yeah I just wrote a shell script that i run [09:27] sshCisco.sh user@host [09:27] for cisco stuff [09:27] calls ssh with the necessary options [09:28] hopefully people who start using buntu 14.04 know what is up :P [12:50] kirkland, I see your name in a not uploaded facter-plugins tarball. can this package please removed alltogether? [14:39] Riddell, shadeslayer_ : please merge the changes from korundum 4:4.11.3-2, we need to remove ruby1.8 in trusty [14:42] https://bugs.launchpad.net/ubuntu/+source/korundum/+bug/1303366 [14:42] Launchpad bug 1303366 in korundum (Ubuntu Trusty) "korundum needs to remove the ruby1.8 dependencies for trusty" [High,Confirmed] === doko_ is now known as doko [17:27] geser, libaspectr (0.3.5-3ubuntu2) hardy ... removing now .. [20:10] I like how tty1 keeps logging me out as soon as I log in [20:24] Riddell, ScottK, shadeslayer_: it's really bad if you never sync the debian packaging in packages where you are always ahead of debian ... === Zic_ is now known as Guest68868 [20:53] cjwatson_, looks like there's another bug in parted I caused by backporting the loop fixes... I called the fat and ntfs probe code from the msdos label probe code because they can be confused with an msdos mbr.. but I think the old code there can't handle !512 byte sector sizes [22:01] doko: We do periodically. I'll take a look at it tonight or tomorrow if no one else does. [22:09] in this case the period seems to be >= 3 years ;p [22:15] Their Korundum/Qtruby packages were made from ours, so debian/changelog doesn't tell all. === Guest68868 is now known as Zic [23:59] The following packages have been kept back: [23:59] libdb-dev [23:59] saucy->trusty upgrade didn't get rid of it, and it's still being held back... I wonder if we care?