[Blind-sysadmins] Re: Windows ssh Client

Hello, Thanks everyone for your responses. I got to give this one to Vandyke they got it. What I did was uninstalled my version of SecureCRT and installed the 8.5.4 demo, worked fine. Here's the thing, my original user-profile stored security settings stayed the same, so 8.5.4 used my previously-working config without making a new one. The solution was in my case to shutdown SecureCRT, and rename %appdata%\vandyke\config to a backup folder name, then restart SecureCRT, it then acted as if the config folder had never been made and set it up, with the more up-to-date protocol settings. Thanks again. Dave. On 6/4/19, Chris Nestrud wrote:

Before you connect with SecureCRT, go to the file menu and enable "Trace Options". When you try to connect, this should show the protocol negotiation in your buffer. If the important information isn't visible, you can use the Edit menu to copy the buffer to the clipboard then paste into notepad for easier review. Reviewing this information may give a clue as to why SecureCRT is unable to connect.

Chris

On Mon, Jun 03, 2019 at 11:11:08PM -0400, David Mehler wrote:

...

Hello,

It's been a long day, so apologies if this message has already been sent, or I might have just thought about doing so.

To any users of SecureCRT 8.x.x 8.5.4 would be best, but i'll take anyone running any 8.x version, and who is connecting to a Linux/Unix Openssh 7.6 to 7.8 server, again 7.8 prefered, I've got a security question for you. What does your configuration on SecureCRT look like and the server configuration your connecting to? I'm trying to get the below working with SecureCRT. This is a snipet of my sshd configuration:

# Modern configuration HostKey /etc/ssh/ssh_host_ed25519_key HostKeyAlgorithms ssh-ed25519 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 # also added curve25519-sha256 didn't solve the issue MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

# Ciphers and keying Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Whenever I have this configuration enabled and atempt to connect with SecureCRT 8.5.4, I get a message that a key exchange algorithm could not be established and it shows the algorithms the server supports, the entries in the KexAlgorithm line above. Now googling led me to this faq which tells me that the above key exchange algorithms should most definitely be working:

https://forums.vandyke.com/showthread.php?t=13272

On the Securecrt side: under edit default session, ssh2, key exchange list box unmodified under edit default session, ssh2, advanced, cipher listbox, mac listbox, both unmodified

I am perplexed. I'm trying to tighten down my sshd configuration make it use more modern Ciphers, Protocols, Macs, and key exchanges. I'm using this as a guide only:

https://stribika.github.io/2015/01/04/secure-secure-shell.html

if anyone has this specific configuration going, or has suggestions on securing/hardening/tightening please let me know.

Thanks. Dave.

On 6/3/19, Andrew Hodgson wrote:

...

Hi,

They've also included Curl!

Andrew.

-----Original Message----- From: Billy Irwin Sent: 03 June 2019 20:42 To: Blind sysadmins list Subject: [Blind-sysadmins] Re: Windows ssh Client

Guys,

I thought I would also share that scp is in the command prompt as well. It is nice that this is included now. I still like WinSCP too though.

Best,

billy

-----Original Message----- From: Simon Eigeldinger Sent: Sunday, June 2, 2019 12:28 PM To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Re: Windows ssh Client

Hi Dave,

They basically compiled OpenSSH to windows. In the old days i did that myself. though they seem to use an older version of LibreSSL.

Greetings, Simon

Am 02.06.2019 um 16:41 schrieb David Mehler:

...

Hello Everyone,

Thanks for your replies. Honestly I've never had a lot of success using Putty, getting it to focus or track what i'm doing especially in a file I'm trying to edit, this is a welcome change.

Is this client Microsoft's own implementation or did they bundle Openssh with windows? And can it handle multiple authentication types, public key, password etc

Thanks. Dave.

On 6/2/19, Andrew Hodgson wrote:

...

Hi,

I didn't know about this either, but it comes with Windows now either with version 1809 or 1903. Won't be using Putty from now on.

Andrew.

-----Original Message----- From: David Mehler Sent: 01 June 2019 15:16 To: Blind sysadmins list Subject: [Blind-sysadmins] Re: Windows ssh Client

Hi,

What built in ssh client?

Thanks. Dave.

On 6/1/19, Bill Dengler wrote:

...

What about the built-in ssh client?

Bill

Sent from my iPhone

> On Jun 1, 2019, at 09:04, David Mehler > wrote: > > Hello, > > I'm using SecureCRT Version 6.2.3, I know that's quite old, but > until I went and atempted to harden my vps server's Openssh 7.8 > setup it worked fine. This version does not support the more > modern/advanced cryptographic hashes, macs, and kex algorithms. This > I > need to change. > > I've tried SecureCRT 8.x but I've found it not accessible and also > does not support the secure setup I'm wanting. > > Is Tteraterm accessible/does it support secure ciphers? > > Thanks. > Dave. > _______________________________________________ > Blind-sysadmins mailing list -- > blind-sysadmins@lists.hodgsonfamily.org > To unsubscribe send an email to > blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

--- Diese E-Mail wurde von Avast Antivirus-Software auf Viren gepr??ft. https://www.avast.com/antivirus _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org _______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org

---

Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org