Unix Connector Error: Could not open SUGI session for 192.168.X.X

In our environment we have multiple different Unix environments that we need to connect to. Up until now, everything has been running smoothly. Given the recent release of Ubuntu 20.04.1 LTS and its use of kernel 5, I decided to take it for a spin. When I enter the details into the connection data section of the 'General connector settings' window and click Test, I get the following response back: "[System.Exception] Could not open SUGI session for 192.168.X.X:  Could not open SSH connection to host:  An unexpected error was received from the SSH client (error code = 7):  Connection lost (error code is 10058)". I can connect to the server with the same credentials via PuTTY, so I know there isn't an issue with sshd in and of itself on the target system. I did a little testing with various OSs that we use and this is what I found:

SLES 11 SP 3 (3.0.76-0.11-default) - no issues
SLES 12 (3.12.28-4-default) - no issues
RHEL8 (4.18.0-193.e18.x86_64) - no issues
Ubuntu 18.04.5 LTS (4.15.0-112-generic) - no issues
Ubuntu 20.04.1 LTS (5.4.0-42-generic) - Could not open SUGI session

I'm not sure if something changed within Ubuntu itself or if there is an issue with the way OID interfaces with kernel v5.  From what I could find online, error code 7 indicates an issue with the cipher used between the two systems.  Has anyone else run into this error before?  Is anyone else using an OS based on kernel 5 that works with OID?

  • Hi,

    I've not tried this, but intuitively I would not suspect the kernel version/config, but rather something in the sphere of sshd.

    Suggestions:

    -Have a look at the full exception stack

    -Check /var/log/auth.log, and consider starting sshd manually with -d 3 for more verbose output.

    -René

  • According to the auth log, it appears the OID host is terminating the connection:

    sshd: Connection closed by <OID host IP> port Y [preauth]

    It appears the handshake isn't completing normally.

  • My first guess is that OpenSSL config has changed between 18.04 and 20.04. I'll try it out when I get a chance.

    -René

  • Hi,

    this seems to be related to key exchange algorithms. The default for Ubuntu 20.04's sshd, as per man sshd_config, would be

    curve25519-sha256,curve25519-sha256@libssh.org,
    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
    diffie-hellman-group-exchange-sha256,
    diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
    diffie-hellman-group14-sha256

    It seems that our ssh client does not support these right away. If I change the sshd_config on the server to include e.g. diffie-hellman-group1-sha1, e.g.

    KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

    then I can connect to it.

    The default in Ubuntu 18.04 was

    curve25519-sha256@libssh.org,
    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
    diffie-hellman-group-exchange-sha256,
    diffie-hellman-group14-sha1

    This might be a workaround for the time being, but anything around sha1 is not recommended anymore, so we should investigate further what works or what doesn't.

    Can I ask you to open a Support service request, please? Feel free to add my name as a reference.

    -René
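
Added example (not part of the thread and not the vendor's code): a simplified model of the RFC 4253 key-exchange selection rule, run over the two sshd default lists quoted above, showing which algorithm the 20.04 default dropped and how a `KexAlgorithms` override changes the outcome. The client list `LEGACY_CLIENT` is an assumption chosen to match the behaviour reported in the thread; the connector's real list is not given on the page.

```python
# Added example: simplified RFC 4253 (section 7.1) key-exchange selection.
# Server lists are the sshd defaults quoted in the thread.
UBUNTU_1804 = ("curve25519-sha256@libssh.org,"
               "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
               "diffie-hellman-group-exchange-sha256,"
               "diffie-hellman-group14-sha1")
UBUNTU_2004 = ("curve25519-sha256,curve25519-sha256@libssh.org,"
               "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
               "diffie-hellman-group-exchange-sha256,"
               "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,"
               "diffie-hellman-group14-sha256")
# ASSUMPTION: hypothetical legacy client offering only SHA-1 Diffie-Hellman.
LEGACY_CLIENT = "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"


def parse(names):
    """Split a comma-separated algorithm list, keeping preference order."""
    return [n.strip() for n in names.split(",") if n.strip()]


def negotiate(client, server):
    """First algorithm on the client's list that the server also offers."""
    offered = set(parse(server))
    return next((a for a in parse(client) if a in offered), None)


def dropped(old, new):
    """Algorithms in the old server default that the new default lacks."""
    return [a for a in parse(old) if a not in set(parse(new))]


def effective_kex(default, value):
    """Server list after a KexAlgorithms value: '+' appends, bare replaces."""
    if value[:1] in ("-", "^"):
        raise ValueError("'-' and '^' prefixes are not modelled here")
    if value.startswith("+"):
        base = parse(default)
        return ",".join(base + [a for a in parse(value[1:]) if a not in base])
    return ",".join(parse(value))


def sha1_based(names):
    """Algorithms whose hash is SHA-1, to review once a fixed client ships."""
    return [a for a in parse(names) if a.endswith("-sha1")]


if __name__ == "__main__":
    print("18.04:", negotiate(LEGACY_CLIENT, UBUNTU_1804))
    print("20.04:", negotiate(LEGACY_CLIENT, UBUNTU_2004))
    print("dropped in 20.04:", dropped(UBUNTU_1804, UBUNTU_2004))
    narrow = effective_kex(UBUNTU_2004, "+diffie-hellman-group14-sha1")
    print("with +group14-sha1:", negotiate(LEGACY_CLIENT, narrow))
```

If the client does support diffie-hellman-group14-sha1, appending only that algorithm with the `+` prefix re-enables less than the thread's workaround, since diffie-hellman-group1-sha1 uses a 1024-bit group.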
