Date: Wed, 19 Oct 2022 21:54:08 +0300
From: Efraim Flashner
To: "dabbede@gmail.com"
Cc: Felix Lechner, help-guix@gnu.org
Subject: Re: Connection refused to Guix-hosted SSH

From a previous email it looks like you only have an rsa key

debug1: Connection established.
debug1: identity file /home/pcp/.ssh/id_rsa type 0
debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519 type -1
debug1: identity file /home/pcp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_xmss type -1
debug1: identity file /home/pcp/.ssh/id_xmss-cert type -1
debug1: identity file /home/pcp/.ssh/id_dsa type -1
debug1: identity file /home/pcp/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9

On Fri, Oct 14, 2022 at 10:01:57PM +0200, dabbede@gmail.com wrote:
> On Fri, Oct 14, 2022 at 7:06 PM Felix Lechner wrote:
> >
> > Hi,
> >
> > On Fri, Oct 14, 2022 at 1:54 AM dabbede@gmail.com wrote:
> > >
> > > Finally, I also tried to manually start sshd on port 2222
> >
> > I think that is a fabulous idea, especially if you can prevent
> > daemonization with -d (or -D).
> >
> > > this is the output /etc/ssh/sshd_config: No such file or directory
> >
> > The sshd_config is in /gnu/store. It is generated by 'guix system
> > reconfigure'. You can see all available versions with
> >
> >   ls -ld /gnu/store/*sshd-config
> >
> > In a bind, I would pick one that should work and pass it via -f.
>
> I just have 3 versions in /gnu/store/, all of them very similar one
> another. I just picked up the first one and tried running sshd -d -p
> 2222 -f /gnu/store/....path_to_sshd_config
> The server starts up waiting for connections.
> Then, on another tty (and another user), I try to connect to port 2222
> in localhost: client side receives "Connection reset by 127.0.0.1 port
> 2222", while the server side reports this:
>
> debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q 5 Jul 2022
> debug1: private host key #0: ssh-rsa SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
> debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
> debug1: private host key #2: ssh-ed25519 SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
> debug1: rexec_argv[0]='/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> debug1: rexec_argv[2]='-f'
> debug1: rexec_argv[3]='/gnu/store/h5hri15x24vljfahpwv1b4dva69nbis3-sshd_config'
> debug1: rexec_argv[4]='-p'
> debug1: rexec_argv[5]='2222'
> debug1: Set /proc/self/oom_score_adj from 0 to -1000
> debug1: Bind to port 2222 on 0.0.0.0.
> Server listening on 0.0.0.0 port 2222.
> debug1: Bind to port 2222 on ::.
> Server listening on :: port 2222.
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q 5 Jul 2022
> debug1: private host key #0: ssh-rsa SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
> debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
> debug1: private host key #2: ssh-ed25519 SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
> debug1: inetd sockets after dupping: 3, 3
> Connection from 127.0.0.1 port 33818 on 127.0.0.1 port 2222 rdomain ""
> debug1: Local version string SSH-2.0-OpenSSH_8.9
> debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9
> debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000
> debug1: permanently_set_uid: 989/983 [preauth]
> debug1: list_hostkey_types:
> rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  ^^^
There are rsa keys listed here, so the server should have rsa keys in
/etc/ssh.

> debug1: SSH2_MSG_KEXINIT sent [preauth]
> debug1: monitor_read_log: child log fd closed
> debug1: do_cleanup
> debug1: Killing privsep child 366
>
> I'm puzzled, as I don't understand exactly what went wrong...
>
> > To find the version that is actually used by your current system
> > generation and corresponds to your latest config.scm would require
> > some sleuthing. You may have to examine the symbolic links in the
> > system profile and, possibly, in /gnu/store. You may be able to get
> > better advice about that in #guix on IRC.
> >
> > Either way, please do not make any manual changes to /gnu/store,
> > however tempting it may appear.
> >
> > Kind regards
> > Felix Lechner
>
> Thanks again, regards

There was recently a change in openssh to deprecate support for rsa-sha1
keys. Try generating new ssh keys using a newish version of openssh and
using that as your keys for pcp or test, and see if that works for
connecting using a key.

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
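
The two observations made in the message above (only an RSA identity was loaded on the client, and the server advertises RSA host key algorithms) can be read out of the debug output mechanically. This is an added example, not part of the original email: the function names are hypothetical, and the sample lines are constructed from the log excerpts quoted in the thread, with the mail-wrapped list_hostkey_types line joined.

```python
import re

# Sample lines constructed from the debug output quoted in this thread.
CLIENT_LOG = """\
debug1: Connection established.
debug1: identity file /home/pcp/.ssh/id_rsa type 0
debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa type -1
debug1: identity file /home/pcp/.ssh/id_ed25519 type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
"""
SERVER_LOG = """\
debug1: permanently_set_uid: 989/983 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
"""

IDENTITY_RE = re.compile(r"identity file (\S+) type (-?\d+)")
HOSTKEY_RE = re.compile(r"list_hostkey_types:\s*(\S+)")


def loaded_identities(client_log):
    """Paths of identity files ssh actually loaded (type -1 means not loaded)."""
    return [path for path, ktype in IDENTITY_RE.findall(client_log)
            if int(ktype) != -1]


def offered_hostkey_algorithms(server_log):
    """Host key algorithms sshd lists in its list_hostkey_types debug line."""
    match = HOSTKEY_RE.search(server_log)
    return match.group(1).split(",") if match else []


def summarize(client_log, server_log):
    """Combine both logs into the facts the reply reasons about."""
    ids = loaded_identities(client_log)
    algs = offered_hostkey_algorithms(server_log)
    return {
        "identities": ids,
        "only_rsa_identity": bool(ids) and all(
            p.rsplit("/", 1)[-1].startswith("id_rsa") for p in ids),
        "hostkey_rsa_sha2": any(a.startswith("rsa-sha2-") for a in algs),
        "hostkey_legacy_ssh_rsa": "ssh-rsa" in algs,
    }


if __name__ == "__main__":
    for key, value in summarize(CLIENT_LOG, SERVER_LOG).items():
        print(f"{key}: {value}")
```
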