Bug #8677

Can't ssh to git.tails.boum.org from Tails

Added by sajolida 2015-01-11 12:00:17 . Updated 2015-01-13 16:48:18 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
Start date:
2015-01-11
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Since today I can’t SSH to git.tails.boum.org anymore from Tails:

$ ssh -v tails@git.tails.boum.org
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/amnesia/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 4: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/connect-socks git.tails.boum.org 22
debug1: identity file /home/amnesia/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/amnesia/.ssh/id_rsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_dsa type -1
debug1: identity file /home/amnesia/.ssh/id_dsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa-cert type -1
debug1: permanently_drop_suid: 1000
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching mac found: client hmac-sha1,hmac-md5,hmac-ripemd160 server hmac-sha2-512,hmac-sha2-256

This is on immerda, right? Did you change the crypto suites on that server yourself? Shall I contact them directly instead?


Subtasks


Related issues

Related to Tails - Feature #7315: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings Resolved 2014-05-27

History

#1 Updated by intrigeri 2015-01-11 12:58:05

> This is on immerda, right?

Yes.

> Did you change the crypto suites on that server yourself?

No, we don’t manage the SSH server there, only our Gitolite instance.

> Shall I contact them directly instead?

Yes.

#2 Updated by BitingBird 2015-01-11 19:44:50

  • related to Feature #7315: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings added

#3 Updated by BitingBird 2015-01-11 19:45:50

It probably has to do with Feature #7315, since plenty of people might be trying to secure ssh better after learning that it might sometimes be broken.

#4 Updated by sajolida 2015-01-13 16:48:18

  • Status changed from New to Resolved
  • Assignee deleted (bertagaz)
  • QA Check deleted (Info Needed)

It’s working fine again today, they probably rolled back their changes.