Tuesday, July 07, 2015

Public Service Announcement: Putty

A recent upgrade of sshd apparently broke my saved PuTTY connections, which have a deprecated key-exchange protocol at the top of the "Algorithm selection policy."

It manifests itself as a long pause, showing a black putty terminal window, followed by the message: PuTTY Fatal Error: Server unexpectedly closed network connection.


The PuTTY event log window shows the connection stuck in the "Doing Diffie-Hellman group exchange" phase.

From Chris’ Miscellanea

If you run your sshd in debug mode, you'll see that sshd isn't happy with the selection of the key exchange protocol.

➜  ~  sudo /usr/sbin/sshd -p 2222 -d
debug1: sshd version OpenSSH_6.9, OpenSSL 1.0.2c 12 Jun 2015
(...)
debug1: kex: server->client aes256-ctr hmac-sha2-256 none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
Hm, kex protocol error: type 30 seq 1 [preauth]
Connection closed by 10.120.102.56 [preauth]
(...)


It seems that OpenSSH recently removed an ancient method of key exchange, as can be read in this thread on the misc@OpenBSD mailing list.

If you open PuTTY's session configuration and move "Diffie-Hellman group exchange" right to the bottom of the "Algorithm selection policy" (Configuration / Connection / SSH / Kex), everything works again.
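To find which clients still hit this after a server upgrade, the failure signature from the debug output above can be matched in sshd logs. The following is an added example, not part of the original post: the function name is hypothetical, and the sample log lines and addresses are constructed. Message type 30 is the number RFC 4419 assigns to the old-style group exchange request.

```python
import re
from collections import Counter

# Constructed sample in the style of the `sshd -d` output shown above.
# Addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
Hm, kex protocol error: type 30 seq 1 [preauth]
Connection closed by 192.0.2.10 [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
Connection closed by 192.0.2.20 [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
Hm, kex protocol error: type 30 seq 1 [preauth]
Connection closed by 192.0.2.10 [preauth]
"""

PID = re.compile(r"sshd\[(\d+)\]")          # present in syslog, absent in -d output
EXPECT = "expecting SSH2_MSG_KEX_DH_GEX_REQUEST"
ERROR = re.compile(r"kex protocol error: type (\d+) seq \d+")
CLOSED = re.compile(r"Connection closed by (\S+)")
LEGACY_GEX_TYPE = 30                        # RFC 4419: SSH_MSG_KEX_DH_GEX_REQUEST_OLD


def legacy_gex_clients(lines):
    """Count, per client address, connections that failed as shown in the post."""
    state = {}                              # session key -> "expecting" | "legacy"
    hits = Counter()
    for line in lines:
        m = PID.search(line)
        key = m.group(1) if m else "-"      # one shared key when there is no pid
        if EXPECT in line:
            state[key] = "expecting"
        elif (e := ERROR.search(line)) and state.get(key) == "expecting":
            if int(e.group(1)) == LEGACY_GEX_TYPE:
                state[key] = "legacy"
        elif (c := CLOSED.search(line)):
            # Only count a close that follows the type-30 error in the same session.
            if state.pop(key, None) == "legacy":
                hits[c.group(1)] += 1
    return hits


if __name__ == "__main__":
    for addr, count in legacy_gex_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{addr}: {count} failed legacy group-exchange attempt(s)")
```

Each address reported is a client whose key-exchange preference order still needs the change described above.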
