3: couldn't match all kex parts

[shibumi]

When I try to connect on my honeypot via ssh client I get the following error message:

Received disconnect from <IP>: 3: couldn't match all kex parts
Disconnected from <IP>

I guess it's because of twisted.. I am using:

kippo-git v0.9.282.d461745-1

with twisted:

15.1.0-1

cheers

chris

[jedisct1]

Same here. It's impossible to connect to Kippo with a recent ssh client, which is pretty sad :(

[gcarq]

Same here. I built python2-twisted (also 15.1.0-1) and noticed some failed unit tests regarding OpenSSHForwarding. I'll try with 15.2.0 and share the logs when I'm at home.

[desaster]

which ssh client / version?

[shibumi]

OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015

on archlinux with kernel 4.2.2-1-ARCH

[harryharryharry]

Same here, with archlinux and with debian. I tried with older versions of twisted but without succes. my ssh version = openssh 7.1p1-1

[micheloosterhof]

Apologies for the ad, but you can try with Cowrie. http://github.com/micheloosterhof/cowrie Mostly backwards compatible, but with a lot of extra features.

[harryharryharry]

Sadly, I use ikoniaris' fork of kippo for the elasticsearch module. Cowrie doesn't support elasticsearch logging, right ? Is it possible to get cowrie to log to elasticsearch ?

[desaster]

I merged a change from cowrie to work around the issue, but I've done very minimal testing on this.

[harryharryharry]

Awesome, I'll try it out. My setup is for shits and giggles only, so I can't screw things up too badly. Thanks!

[SmUrF3R5]

this is still an issue :( Ubuntu 14.04.5 x64

[shibumi]

@SmUrF3R5 install cowrie instead of kippi. Kippo is not supported anymore.

[SmUrF3R5]

Is cowrie working now? I'll give it a try tonight thanks.

On Tue, May 23, 2017 at 7:56 AM Christian Rebischke < notifications@github.com> wrote:

@SmUrF3R5 https://github.com/smurf3r5 install cowrie instead of kippi. Kippo is not supported anymore.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/desaster/kippo/issues/194#issuecomment-303406066, or mute the thread https://github.com/notifications/unsubscribe-auth/AYt19rYPByEWwAIBYywEghZ84hCiTFoHks5r8uWigaJpZM4GMeRJ .

[shibumi]

@SmUrF3R5 Yes it's working and even has more features as kippo. Cowrie is an 'official' fork of kippo. https://github.com/micheloosterhof/cowrie

[SmUrF3R5]

Cowrie does not install correctly and breaks my ssh connection the the server. Once I disconnect I can never reconnect. When the install completes it is not listed in the supervisorctl status

On Tue, May 23, 2017 at 9:52 AM Christian Rebischke < notifications@github.com> wrote:

@SmUrF3R5 https://github.com/smurf3r5 Yes it's working and even has more features as kippo. Cowrie is an 'official' fork of kippo. https://github.com/micheloosterhof/cowrie

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/desaster/kippo/issues/194#issuecomment-303443539, or mute the thread https://github.com/notifications/unsubscribe-auth/AYt19mx_FY3jzqbPnZyadEqFmvoCRlFFks5r8wDSgaJpZM4GMeRJ .

[micheloosterhof]

Hello, Can you provide some more details? Try without supervisor first. Are you using the default configuration? Are you able to connect to the honeypot? What do your logs say?

Supervisorctl is not part of the default install.

[SmUrF3R5]

Helps if you use the new and correct ssh port number when you reconnect after install :-) And yes you are correct I didn't realize this message was on the kippo repository. I am using MHN, that is why I have supervisorctrl Thanks

[Kafow]

Hey, still getting this issue on openssh 7.9 with twisted 20.3.0 any idea of how to fix it? thanks

[micheloosterhof]

@Kafow I'd suggest using https://github.com/cowrie/cowrie Kippo hasn't been updated for a long time now.

[Kafow]

@micheloosterhof I'm using a library who depends on kippo, so unfortunately this isn't an option.

[micheloosterhof]

Which library is this?

[desaster]

Twisted 20.3.0 is way too new for kippo, however that's probably not the issue. If you wanted to run kippo today with real clients, I'd recommend a rewrite with python3 and latest twisted.

[marilu95]

@micheloosterhof Estoy usando una biblioteca que depende de kippo, así que desafortunadamente esta no es una opción.

Excuse me, did you find a solution?

[insideClaw]

Everything worked up until this point - didn't notice the small text hinting it's not a recent development, or in other words, barely usable due to this issue :(