Ssh does not work, but putty does?

I have just installed Manjaro, and everything is fine but ssh.
If I try to connect to my Debian Server in XFCE-Terminal with ssh -p 8888 192.168.3.254 in local network nothing happens, not even any Error Notice.
If I do the same with putty, I can connect.
Very strange, never had such an issue with ssh since my first Linux Computer with Suse 5.0.

With a recent release, the OpenSSH project disabled some older, less secure ciphers. If your Debian Server requires these ciphers, you need to enable these in your client config. Or better, make sure your Debian Server doesn’t need these ciphers.

https://www.openssh.com/txt/release-8.8

2 Likes

openssh-server on debian is 7.9p1-10+deb10u2

I tried
Host 192.168.3.254
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
in .ssh/config

but does not solve my Problem

Try option ‘-v’ for more (error) output.

1 Like

I don’t believe, OpenSSH 8.8 is the issue as long as he can use ssh with putty. If the last version of OpenSSH (8.8) is truly the problem, all ssh connection won’t work, no matter if it’s putty or the ssh cli. The error message in ssh cli in this scenario is “Permission denied (publickey)”.

I would suggest posting sshd -v and also the whole content of /etc/ssh/sshd_config and .ssh/config and double check if the ssh port is truly a handmade 8888.

PubkeyAcceptedAlgorithms +ssh-rsa
in .ssh/config

I think the correct syntax is more like PubkeyAcceptedAlgorithms=+ssh-rsa so you can try something like this on your debian server:
echo "PubkeyAcceptedAlgorithms=+ssh-rsa" >> /etc/ssh/sshd_config

1 Like

Hi @kisun, and welcome!

In order for us, for those trying to be of assistance, please wrap any terminal output in three backticks (```) before and after the text. This will just cause it to be shown like this:

Et proin mi
nec metus sit
urna urna
tortor eu accumsan
urna leo sem rutrum.

instead of like this:

Et proin mi nec metus sit urna urna tortor eu accumsan urna leo sem rutrum.

greatly improving legibility.

Please also see [HowTo] Provide System Information and, if applicable, [HowTo] post screenshots and links

Well - the problem is not the ssh client on Manjaro - but the servers configuration.

It is a known issue that upstream has deprecated and disabled some ciphers.

As I see it - you next step is to upgrade your server’s ssh daemon - compile from source if you have to.

The fact that you can use putty only tells that putty has not advanced beyond the disabled ciphers.


If you are using public key authentication and you have several keys defined in your config and you are using passwordless keys then try adding this to your config (either at the top as wildcard for all hosts or per host

Host *
  IdentityAgent none
1 Like

:100:

Or even ssh -vv
The log will tell where the problem is ! Guessing what the problem is (or may be), without looking into the error-messages is not helpfull :man_shrugging:

I have installed Manjaro on my old macbookpro 8.1 early 2011. And all other Distros has used the broadcom wl driver. So I have installed broadcom-wl-dkms. And that has fixed the issue.
But connot imagine why the b43 does work for Web Mail and so on but not for ssh. And Putty works with the b43 ?
extremly strange to me.
Excuse my bad English

the -v option on live medium -

[manjaro@manjaro ~]$ ssh -l didi -p 2222 -v 192.168.3.254
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.3.254 [192.168.3.254] port 2222.
debug1: Connection established.
debug1: identity file /home/manjaro/.ssh/id_rsa type -1
debug1: identity file /home/manjaro/.ssh/id_rsa-cert type -1
debug1: identity file /home/manjaro/.ssh/id_dsa type -1
debug1: identity file /home/manjaro/.ssh/id_dsa-cert type -1
debug1: identity file /home/manjaro/.ssh/id_ecdsa type -1
debug1: identity file /home/manjaro/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/manjaro/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/manjaro/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/manjaro/.ssh/id_ed25519 type -1
debug1: identity file /home/manjaro/.ssh/id_ed25519-cert type -1
debug1: identity file /home/manjaro/.ssh/id_ed25519_sk type -1
debug1: identity file /home/manjaro/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/manjaro/.ssh/id_xmss type -1
debug1: identity file /home/manjaro/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: compat_banner: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.3.254:2222 as ‘didi’
debug1: load_hostkeys: fopen /home/manjaro/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/manjaro/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

Don’t understand that and have no idea why this is solved by another wifi driver.

Please enclose the log with 3 backticks like this: ```

There is something missing at the end of the log :man_shrugging:

1 Like

I will give it another try.

OpenSSH_8.8p1, OpenSSL 1.1.1l  24 Aug 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.3.254 [192.168.3.254] port 2222.
debug1: Connection established.
debug1: identity file /home/didi/.ssh/id_rsa type 0
debug1: identity file /home/didi/.ssh/id_rsa-cert type -1
debug1: identity file /home/didi/.ssh/id_dsa type -1
debug1: identity file /home/didi/.ssh/id_dsa-cert type -1
debug1: identity file /home/didi/.ssh/id_ecdsa type -1
debug1: identity file /home/didi/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/didi/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/didi/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/didi/.ssh/id_ed25519 type -1
debug1: identity file /home/didi/.ssh/id_ed25519-cert type -1
debug1: identity file /home/didi/.ssh/id_ed25519_sk type -1
debug1: identity file /home/didi/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/didi/.ssh/id_xmss type -1
debug1: identity file /home/didi/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: compat_banner: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.3.254:2222 as 'didi'
debug1: load_hostkeys: fopen /home/didi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.3.254 port 2222```

Is it right so? between the two last lines there was an timeout of about one minute

Now it is clear the connection git closed because the client did not get a response to his last Message.
If you would want to investigate further, you would have to try again with -vv to see more details. Next step would have been to look into the logfile of the host. But since your issue is resolved, we will let it be :wink:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.