slashbeast / better-initramfs

Small and reliable initramfs solution supporting (remote) rescue shell, lvm, dmcrypt luks, software raid, tuxonice, uswsusp and more.
BSD 3-Clause "New" or "Revised" License

Can not connect to dropbear with OpenSSH 8.0p1 #53

Closed unqueued closed 4 years ago

unqueued commented 4 years ago

It might very well be my specific version of ssh on my laptop, but I cannot connect to the version of dropbear that it is currently being built with.

    ssh root@192.168.1.8 -p 2222 -vv
    OpenSSH_8.0p1-PKIXSSH-12.1-hpn14v16, OpenSSL 1.0.2t  10 Sep 2019
    debug1: Can't process default engine config file: No such file or directory
    debug1: Reading configuration data /home/dequeued/.ssh/config
    debug1: /home/dequeued/.ssh/config line 18: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: ssh_set_validator: ignore responder url
    debug1: Connecting to 192.168.1.8 [192.168.1.8] port 2222.
    debug1: Connection established.
    debug1: Local version string SSH-2.0-OpenSSH_8.0p1-PKIXSSH-12.1-hpn14v16 PKIX[12.1]
    debug1: Remote protocol version 2.0, remote software version dropbear_2015.71
    debug1: no match: dropbear_2015.71
    debug1: x.509 compatibility rfc6187_missing_key_identifier=no: pattern '*' match 'dropbear_2015.71'
    debug1: x.509 compatibility rfc6187_asn1_opaque_ecdsa_signature=no: pattern '*' match 'dropbear_2015.71'
    debug1: x.509 compatibility broken list with accepted publickey algorithms=no: pattern '*' match 'dropbear_2015.71'
    debug1: Authenticating to 192.168.1.8:2222 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: AUTH STATE IS 0
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ssh-rsa
    debug1: REQUESTED ENC.NAME is 'aes128-ctr'
    debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
    debug1: REQUESTED ENC.NAME is 'aes128-ctr'
    debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    Connection closed by 192.168.1.8 port 2222

I have seen some suggestions, like changing the MTU or KexAlgorithm, but nothing has worked so far.

I did get it working by dropping in an updated dropbear version in https://github.com/unqueued/better-initramfs/blob/devel/bootstrap/lebuilds/dropbear.lebuild

With a newer release from here: https://matt.ucc.asn.au/dropbear/releases/

I am still figuring out what exactly the problem is caused by, but maybe dropbear should be updated anyway?

slashbeast commented 4 years ago

Yes, I have a long overdue update session for all deps, so I will look into it this weekend and push bumps to the devel branch. I will update this issue afterwards.

slashbeast commented 4 years ago

FYI I have not forgotten about this or other issues, I just have little time now. Will try to push things forward soon, after I finish what I have already in progress.

slashbeast commented 4 years ago

Hi,

Can you please let me know if the v0.10.0 I've just released fixes the problem for you?

Note that this one has a new sysroot, so you may need to manually wipe build_dir/ first. It will be like that until I finish the root-less build system overhaul.

unqueued commented 4 years ago

Cool, I'm still testing. Would it be possible for you to repost the distfiles that were there a few weeks ago, so that I can build from b3a63a6?

slashbeast commented 4 years ago

I have no copy of them; everything besides the sysroot can be found on the mirrors. The sysroot was like 4 years old so I had no real reason to keep it.

unqueued commented 4 years ago

No problem, I was able to take care of everything. Problem appears to be fixed, but will continue testing.