Bug #8677: Can't ssh to git.tails.boum.org from Tails

Bug #8677

Can't ssh to git.tails.boum.org from Tails

Added by sajolida 2015-01-11 12:00:17 . Updated 2015-01-13 16:48:18 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Infrastructure

Target version:

Start date:

2015-01-11

Due date:

% Done:

Feature Branch:

Type of work:

Sysadmin

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Since today I can’t SSH to git.tails.boum.org anymore from Tails:

$ ssh -v tails@git.tails.boum.org
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/amnesia/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 4: Applying options for *
debug1: Executing proxy command: exec /usr/local/bin/connect-socks git.tails.boum.org 22
debug1: identity file /home/amnesia/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/amnesia/.ssh/id_rsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_dsa type -1
debug1: identity file /home/amnesia/.ssh/id_dsa-cert type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa type -1
debug1: identity file /home/amnesia/.ssh/id_ecdsa-cert type -1
debug1: permanently_drop_suid: 1000
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching mac found: client hmac-sha1,hmac-md5,hmac-ripemd160 server hmac-sha2-512,hmac-sha2-256

This is on immerda, right? Did you change the crypto suites on that server yourself? Shall I contact them directly instead?

Subtasks

Related issues

Related to Tails - ~~Feature #7315~~: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings

Resolved

2014-05-27

History

#1 Updated by intrigeri 2015-01-11 12:58:05

> This is on immerda, right?

Yes.

> Did you change the crypto suites on that server yourself?

No, we don’t manage the SSH server there, only our Gitolite instance.

> Shall I contact them directly instead?

Yes.

#2 Updated by BitingBird 2015-01-11 19:44:50

related to ~~Feature #7315~~: Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings added

#3 Updated by BitingBird 2015-01-11 19:45:50

It probably has to do with ~~Feature #7315~~, since plenty of people might be trying to secure ssh better after learning that it might sometimes be broken.

#4 Updated by sajolida 2015-01-13 16:48:18

Status changed from New to Resolved
Assignee deleted (~~bertagaz~~)
QA Check deleted (~~Info Needed~~)

It’s working fine again today, they probably rolled back their changes.