Friday, March 30, 2012

Fixing SSH connections over the Cisco VPN client in Ubuntu Oneiric

1. To make NetworkManager connect to the Cisco VPN, update your NM packages: http://ubuntuforums.org/showthread.php?t=1750132

2. VPN connected.

3. SSH failed to connect

kholis@kalau:~$ ssh -v user01@192.168.1.2
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/kholis/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/kholis/.ssh/id_rsa-cert type -1
debug1: identity file /home/kholis/.ssh/id_dsa type -1
debug1: identity file /home/kholis/.ssh/id_dsa-cert type -1
debug1: identity file /home/kholis/.ssh/id_ecdsa type -1
debug1: identity file /home/kholis/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer

Solution: 
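Edit /etc/ssh/ssh_config or $HOME/.ssh/config and add the following lines, which restrict the ciphers and MACs the client offers. The list includes legacy algorithms (hmac-md5, 3des-cbc), so prefer placing it under a Host entry for this server rather than applying it to every connection: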

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,hmac-ripemd160

taken from: https://nowhere.dk/articles/natty-narwhal-problems-connecting-to-servers-behind-cisco-firewalls-using-ssh

4. SSH still failed to connect

kholis@kalau:~$ ssh -v user01@192.168.1.2
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /home/kholis/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /home/kholis/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/kholis/.ssh/id_rsa-cert type -1
debug1: identity file /home/kholis/.ssh/id_dsa type -1
debug1: identity file /home/kholis/.ssh/id_dsa-cert type -1
debug1: identity file /home/kholis/.ssh/id_ecdsa type -1
debug1: identity file /home/kholis/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a3:26:ed:2f:39:0b:a1:c3:40:93:a9:02:55:24:39:45
debug1: Host '192.168.1.2' is known and matches the RSA host key.
debug1: Found key in /home/kholis/.ssh/known_hosts:40
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

Solution: 
Add your destination server's hostname and IP address to /etc/hosts:
192.168.1.2    server01
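
The settings from steps 3 and 4 can be limited to this one server in $HOME/.ssh/config, so other connections keep the client's default algorithms. This stanza is an added example, not part of the original post, written for the OpenSSH 5.8 client shown in the logs; the HostName, User and GSSAPIAuthentication lines are additions of this example, and it assumes Kerberos is not used for this server.

```sshconfig
# $HOME/.ssh/config
# Added example: applies the workaround only to the server reached over the VPN.
# "server01", "user01" and 192.168.1.2 are the names and address used in this post.
Host server01 192.168.1.2
    HostName 192.168.1.2
    User user01

    # Shortened algorithm lists from step 3, for this host only.
    # hmac-md5 and 3des-cbc are legacy choices kept here for this old server.
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    MACs hmac-md5,hmac-sha1,hmac-ripemd160

    # Assumption: no Kerberos/GSSAPI login is needed for this server, so the
    # client skips the gssapi-keyex and gssapi-with-mic attempts that fail
    # in the step 4 log.
    GSSAPIAuthentication no

# Hosts that do not match the pattern above are unaffected by these lines.
```

Run `ssh -v server01` afterwards and check the `kex:` lines to confirm which cipher and MAC were negotiated.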


5. Voila! :)
