Differences

This shows you the differences between two versions of the page.

faq:tcpip [2016/09/13 12:01] – [Ports] Added scanmyports.ssjs to cvs.synchro.net too. digital man
faq:tcpip [2018/02/17 19:55] – [SSH Kex Algo] updated to mention cryptlib 3.4.4 and issue with .ssh/config work-around if left in place digital man
Line 14: Line 14:
   * [[#bandwidth|How many nodes/clients/users can I support with my Internet connection]]?    * [[#bandwidth|How many nodes/clients/users can I support with my Internet connection]]? 
   * [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]?   * [[#block_hackers|Can Synchronet automatically block the IP address of hackers]]?
 +  * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]?
  
 ===== Ports ===== ===== Ports =====
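Review bot: the added table-of-contents entry asks the general question "Why do some SSH clients fail to connect to my BBS" but links to an anchor named #ssh_kex_algo, while the section it points to also covers a MAC negotiation problem. A heading and anchor named for SSH negotiation failures in general would match the question and leave room for further causes without renaming the link later.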
Line 289: Line 290:
 :!: **Answer:**\\ :!: **Answer:**\\
 Yes, see [[howto:Block-Hackers]] for detailed instructions. Yes, see [[howto:Block-Hackers]] for detailed instructions.
 +
 +===== SSH Kex Algo =====
 +:?: **Question:**\\
 +Why do some SSH clients (e.g. [[http://www.openssh.com/|OpenSSH]]) fail to connect to the Synchronet SSH Server?
 +
 +Example:
 +  $ ssh vert.synchro.net
 +  $ Received disconnect from 71.95.196.34: 2: Handshake failed
 +  
 +or:
 +  Unable to negotiate with legacyhost: no matching key exchange method found.
 +  Their offer: diffie-hellman-group1-sha1
 +
 +:!: **Answer:**\\
 +
 +//**NOTE: This has been fixed in CVS now.**//
 +
 +Synchronet uses [[http://www.cs.auckland.ac.nz/~pgut001/cryptlib/|Cryptlib]], a cryptographic library, for SSH and TSL/SSL support in Synchronet. Cryptlib's v3.4.2 SSH support uses an older "Key Exchange Algorithm". OpenSSH has deprecated support for this older key exchange algorithm. Cryptlib v3.4.4, the currently latest version of Cryptlib now used by Synchronet, does not have this problem.
 +
 +From the OpenSSH [[http://www.openssh.com/legacy.html|legacy page]]:
 +> OpenSSH implements all of the cryptographic algorithms needed for compatibility with standards-compliant SSH implementations, but since some of the older algorithms have been found to be weak, not all of them are enabled by default.
 +
 +Workarounds for OpenSSH:
 +
 +  $ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@yourbbs.com
 +
 +or in the ''~/.ssh/config'' file (OpenSSH v6):
 +
 +  Host yourbbs.com
 +  KexAlgorithms diffie-hellman-group1-sha1
 +  
 +**Note:**
 +If you created this file to work-around the cryptlib v3.4.2 compatibility issue, you will need to remove this file or modify it after updating to cryptlib v3.4.4  (currently, the latest).
 +
 +or in the ''~/.ssh/config'' file (OpenSSH v7):
 +
 +  Host yourbbs.com
 +  KexAlgorithms +diffie-hellman-group1-sha1
 +
 +Note: Run ''ssh -V'' to see what version of OpenSSH you have.
 +
 +:!: **Answer:**\\
 +Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm.
 +
 +Workaround for OpenSSH (reported by nelgin):
 +
 +  $ ssh -m hmac-md5 user@yourbbs.com
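Review bot: the "Note:" about removing the file sits between the OpenSSH v6 and v7 config examples, so the following "or in the ~/.ssh/config file (OpenSSH v7)" reads as a continuation of the note rather than of the workaround list, and the note never says why the old file breaks. The v6 example "KexAlgorithms diffie-hellman-group1-sha1" has no leading "+", so it replaces the client's key exchange list for that host with the single legacy method, which is what stops the client from negotiating once the server moves to cryptlib v3.4.4. I would move the note below both examples, state that reason, and advise removing or editing the "Host yourbbs.com" entry rather than the whole file, since ~/.ssh/config usually holds settings for other hosts too. The same applies to "ssh -m hmac-md5": "-m" replaces the MAC list, so the text should say which server versions need it, in the way the Kex answer names cryptlib v3.4.2. Smaller points: "TSL/SSL" should be "TLS/SSL", the second example line "$ Received disconnect from ..." is program output and should not carry a "$" prompt, and "NOTE: This has been fixed in CVS now" would be clearer if it named the cryptlib v3.4.4 update mentioned in the next paragraph.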