Where to look next?

Damien Miller djm at mindrot.org
Thu Sep 22 02:02:52 AEST 2016


On Wed, 21 Sep 2016, Delisle, John wrote:

> Hello, 
>
> I'm looking for your insight about the log below. We have an SFTP
> server (IBM Sterling File Gateway) and we're connecting from an
> OpenSSH SFTP client but something fails during KEX.
>
> Complete client-side debug output is below, but I believe the relevant
> part is:
>
> debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none
> debug1: kex: client->server cipher: aes192-cbc MAC: hmac-sha1 compression: none
> debug3: send packet: type 30
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug3: receive packet: type 1
> Received disconnect from 1.2.3.4 port 32:2: Failed to read binary packet data!
>
> Any suggestions about what's failing, and what the cause might be?
> We're trying to figure out where to go in our troubleshooting, and do
> not understand the meaning of this debug output.

It's failing during key exchange (KEX). You could try explicitly selecting
a different key exchange method e.g.

sftp -oKEXAlgorithms=diffie-hellman-group14-sha1 ...

If that works then it's highly likely that the IBM server has implemented
the ecdh-sha2-nistp256 method incorrectly.

-d
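An added example, not part of the original thread and not OpenSSH code: a small parser for `ssh -vvv` client output that reports at which handshake stage the peer disconnected and decodes the disconnect reason code (the `2` in `port 32:2:`). The sample log is constructed from the lines quoted above; the `kex: algorithm` and `type 20` lines are assumptions about the parts of the debug output not shown.

```python
import re

# SSH_MSG_DISCONNECT reason codes from RFC 4253 section 11.1 (subset).
REASONS = {2: "SSH_DISCONNECT_PROTOCOL_ERROR",
           3: "SSH_DISCONNECT_KEY_EXCHANGE_FAILED",
           11: "SSH_DISCONNECT_BY_APPLICATION"}

# Constructed sample: the debug lines quoted in the message, plus assumed
# "type 20" and "kex: algorithm" lines in the form OpenSSH prints them.
SAMPLE = """\
debug3: send packet: type 20
debug3: receive packet: type 20
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 1
Received disconnect from 1.2.3.4 port 32:2: Failed to read binary packet data!
"""

def diagnose(log):
    """Locate the handshake stage at which the peer disconnected."""
    kex, sent, seen, reason, text = None, [], [], None, None
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted logs
        if m := re.match(r"debug1: kex: algorithm: (\S+)", line):
            kex = m.group(1)
        elif m := re.match(r"debug3: send packet: type (\d+)", line):
            sent.append(int(m.group(1)))
        elif m := re.match(r"debug3: receive packet: type (\d+)", line):
            seen.append(int(m.group(1)))
        elif m := re.match(r"Received disconnect from \S+ port \d+:(\d+): (.*)", line):
            code = int(m.group(1))
            reason, text = REASONS.get(code, f"reason code {code}"), m.group(2)
            break
    if reason is None:
        stage = "no disconnect seen"
    elif 21 in seen:                              # SSH_MSG_NEWKEYS received
        stage = "after key exchange"
    elif 30 in sent:                              # method-specific KEX init sent
        stage = "key exchange"
    elif 20 in sent:                              # SSH_MSG_KEXINIT sent
        stage = "algorithm negotiation"
    else:
        stage = "before KEXINIT"
    return {"kex": kex, "stage": stage, "reason": reason, "text": text}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "key exchange" result together with the negotiated `kex` name is the case where retrying with a different `-oKEXAlgorithms=` value, as suggested above, isolates the faulty method.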


More information about the openssh-unix-dev mailing list