Project

General

Profile

Bug #8677

Can't ssh to git.tails.boum.org from Tails

Added by sajolida over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Infrastructure
Target version:
-
Start date:
01/11/2015
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:

Description

Since today I can't SSH to git.tails.boum.org anymore from Tails:

$ ssh -v tails@git.tails.boum.org
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/amnesia/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 4: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/connect-socks git.tails.boum.org 22
debug1: identity file /home/amnesia/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/amnesia/.ssh/id_rsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_dsa type -1
debug1: identity file /home/amnesia/.ssh/id_dsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa-cert type -1
debug1: permanently_drop_suid: 1000
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching mac found: client hmac-sha1,hmac-md5,hmac-ripemd160 server hmac-sha2-512,hmac-sha2-256

This is on immerda, right? Did you change the crypto suites on that server yourself? Shall I contact them directly instead?


Related issues

Related to Tails - Feature #7315: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings Resolved 05/27/2014

History

#1 Updated by intrigeri over 4 years ago

This is on immerda, right?

Yes.

Did you change the crypto suites on that server yourself?

No, we don't manage the SSH server there, only our Gitolite instance.

Shall I contact them directly instead?

Yes.

#2 Updated by BitingBird over 4 years ago

  • Related to Feature #7315: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings added

#3 Updated by BitingBird over 4 years ago

It probably has to do with #7315, since plenty of people might be trying to secure ssh better after learning that it might sometimes be broken.

#4 Updated by sajolida over 4 years ago

  • Status changed from New to Resolved
  • Assignee deleted (bertagaz)
  • QA Check deleted (Info Needed)

It's working fine again today, they probably rolled back their changes.

Also available in: Atom PDF