Koozali.org: home of the SME Server

SME 10 Alpha 5 & SSH...

STRyk
« on: December 14, 2020, 07:22:51 AM »
Hello,
I'm trying to understand SME 10 Alpha 5, but I can't connect via SSH:

When I type:
# ssh root@ip-machine

It tells me this:
Code:
no matching mac found: client hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

Is this valid?
https://blog.hostonnet.com/centos-7-no-matching-mac-found

But how do I go and change this without SSH?
Thanks.

gieres
« Reply #1 on: December 14, 2020, 10:37:12 PM »
Hello,
Obviously you need to be able to access both machines from the command line.
Sorry for the previous message, but I read a bit too quickly: I thought this was about version 9.2, which is hard to reach from a Debian 10 or a Fedora.
So indeed, as John says, it is now a problem with your connecting machine.
Have a good day.
« Last Edit: December 15, 2020, 02:56:58 PM by gieres »

ReetP
« Reply #2 on: December 15, 2020, 01:51:57 PM »
I think the problem is your client, not the server.

Upgrade your client to work with the newer protocols.

Do not weaken your server security by adding insecure protocols.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

STRyk
« Reply #3 on: December 24, 2020, 10:22:28 PM »
What already annoys me is that I haven't changed clients.
So I'm going to have to find another one, but I use Mac OSX and those idiots at Apple have reinvented the world every year, I'm fed up with it. :(
I don't yet see how I'm going to be able to get into this OS. It's madness...
Let's pray that toilet manufacturers don't get the urge to put a security chip in and that it doesn't become obsolete, or we would quickly find ourselves in the poop!
Thanks anyway...

STRyk
« Reply #4 on: January 04, 2021, 01:13:15 AM »
What more does SME 10 need, so that I know which client to get?
Thanks.

ReetP
« Reply #5 on: January 04, 2021, 02:11:57 AM »
The problem is with your client, not SME.

SME (CentOS) is only allowing modern cipher standards.

*Up to date* Apple should have no issues if you use an ordinary term. (They have actually enforced stricter standards on some things - no bad thing)

Search online how to check what your server uses:

https://duckduckgo.com/?q=ssh+show+available+ciphers

Then check your client and also your client .ssh/config

It really is an issue you need to fix on the client, not SME.

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #6 on: February 04, 2021, 08:41:21 PM »
Quote
What more does SME 10 need, so that I know which client to get?
Thanks.

SME 10 needs one of these:

Code:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com


You can find out what your client provides by typing the following in your client's console. Example on Fedora 33:

Code:
$ ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com

Code:
$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
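
Added example, not part of the thread or of SME Server's own tooling: a POSIX shell sketch of the comparison described in Reply #6, using the SME 10 MAC list from that reply and the error line from the first post as sample input. The function names (`common_algos`, `mac_error_side`, `report_mac_error`) are made up for this example.

```shell
#!/bin/sh
# Added example: compare a client's SSH MAC list with the server's list.

# MACs SME 10 accepts, copied from Reply #6.
SME10_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com'

# Error line from the first post, reused here as sample input.
THREAD_ERROR="no matching mac found: client hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 server $SME10_MACS"

# common_algos CLIENT SERVER
# Print every name present in both lists, one per line, in server order.
# Lists may be comma- or newline-separated, so `ssh -Q mac` output works as-is.
common_algos() {
    _client=$(printf '%s\n' "$1" | tr ',' '\n')
    printf '%s\n' "$2" | tr ',' '\n' | while IFS= read -r _name; do
        [ -n "$_name" ] || continue
        # -F fixed string, -x whole line: "hmac-sha1" must not match "hmac-sha1-96"
        if printf '%s\n' "$_client" | grep -Fxq -- "$_name"; then
            printf '%s\n' "$_name"
        fi
    done
}

# mac_error_side LINE client|server
# Extract one side's list from "no matching mac found: client A,B server C,D".
mac_error_side() {
    case "$2" in
        client) printf '%s\n' "$1" | sed -n 's/.*: client \([^ ]*\) server .*/\1/p' ;;
        server) printf '%s\n' "$1" | sed -n 's/.* server \([^ ]*\) *$/\1/p' ;;
    esac
}

# report_mac_error LINE: say whether the two sides share any MAC.
report_mac_error() {
    _c=$(mac_error_side "$1" client)
    _s=$(mac_error_side "$1" server)
    _shared=$(common_algos "$_c" "$_s")
    if [ -n "$_shared" ]; then
        printf 'shared MACs: %s\n' "$(printf '%s' "$_shared" | tr '\n' ' ')"
    else
        printf 'no shared MAC; the client must support one of: %s\n' "$_s"
    fi
}

report_mac_error "$THREAD_ERROR"
# On a real client: common_algos "$(ssh -Q mac)" "$SME10_MACS"
```

`ssh -Q mac` lists what the client binary supports; what it actually offers to a given host, after `.ssh/config` is applied, appears in the `macs` and `ciphers` lines of `ssh -G host`.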


STRyk
« Reply #7 on: March 22, 2021, 03:42:37 PM »
Thanks, I understand better now.
I disabled it to test SME10 with everything I added in SME 9.2.
:)

STRyk
« Reply #8 on: November 26, 2021, 05:23:39 PM »
To come back to this, I praised SME to a friend who is rather reluctant about Linux.
I had to fight for a long time for him to deign to install SME, I explained to him at length how to use it, and he got started with 9.2.0. He understood nothing about the installation..  :D
After 2 years on SME, with this new version he gave up.  :(
Even having given this tip, he finds it very constraining to have to relearn a lot of things. :(
He switched to Ubuntu (which has nothing to do with it!!!!) because there is a graphical interface.

Adding layers of security is good, but it does not allow insiders to enter and persist in a system that has become too complex.
The (simple) scripts I had made for him are now useless.

By the way, I also wonder whether this tip was of use to anyone!
 :lol:

ReetP
« Reply #9 on: November 26, 2021, 07:28:38 PM »
Quote
After 2 years on SME, with this new version he gave up.

That's very sad, but it is no more difficult for most users than previous versions. And you had been given a solution in this instance.

We're sorry that it won't support his 2005 Mac but that is due to decisions made upstream. And no one has any time or interest in trying to add Avahi as it would mean huge changes to the back end.

This thread refers:

https://forums.contribs.org/index.php/topic,54566.0.html

Quote
Even having given this tip, he finds it very constraining to have to relearn a lot of things. :(

We all found it hard because we all do this in our spare time. But times change and we have to move on. We all knew that this would happen several years ago and as prudent admins we started to prepare for changes then.

Quote
He switched to ubuntu (which has nothing to do with !!!!) because there is a graphical interface.

Hmmm.......

I am extremely surprised he found it easier with Ubuntu when you/they struggle to learn new things. Ubuntu server is massively more difficult than SME to set up, unless you have a lot of experience.

The server is extremely basic out of the box, has no GUI, and is not very easy to configure unless you are prepared to learn a lot. SME is way easier. A full GUI on a server just adds unnecessary overhead. Nor does it make it easier to configure.

Ubuntu server is definitely not an easy option and has a steep learning curve. So forgive me if I treat this claim with a degree of skepticism.

Quote
Adding layers of security is good, but it does not allow insiders to enter and persist in a system that has become too complex.

We did not add any complexity. This is added security. They are not the same. In any event Redhat did it, and rightly so. Do you want bad actors taking advantage of weak security and getting inside your server? Note - Ubuntu has exactly the same levels of security - if you are on the latest LTS then probably even higher.

Unfortunately you are using old, out of date, and insecure software. You have been told how to lower your security to get around this (at least for now) but you do that at your own risk and need to realise that these options may well be removed before long. This is not unusual.

We know you are not happy with the changes in v10, but the core parts that you rail against are not our fault and we have tried to make progress as easy and painless as possible.

All the problems you have experienced that I have witnessed here are due to your insistence on using ancient unsupported software.

Please stop berating volunteers here just because you aren't prepared to accept change and prefer to fight it.

It is against forum rules and you have been put on the moderation list now.

Thank you.