> On 04/22/2012 07:58 PM, Timothy Pearson wrote:
>>> On 04/22/2012 06:59 PM, David C. Rankin wrote:
>>>>   So it looks like that is the recommended direction. A complete
>>>> re-write is way
>>>> beyond me, so we will need the skill of the c/c++ gurus to help with
>>>> this bug.
>>>>
>>>
>>> Can someone who knows the openssh responses (as well as c++), help take
>>> a
>>> look
>>> at the top of ksshprocess.cpp -- we might avoid a complete rewrite if
>>> we
>>> can
>>> update the response tables for the newer versions of openssh.
>>> ksshprocess
>>> does
>>> response lookups depending on the openssh version. If this has been the
>>> problem
>>> all along -- we may be able to put off the complete rewrite and fix
>>> sftp:// for
>>> 3.5.14.
>>>
>>
>> This is very useful information that should be posted to the bug report.
>> My initial guess would be that the mechanism TDE uses to determine SSH
>> version is failing with the latest SSH binaries.  Can you also post the
>> output of 'ssh -v' on your system, specifically the version line?
>>
>> Thanks!
>>
>> Tim
>
>
> Tim,
>
>   I hope it can be this straight forward. I'll add all this information to
> the
> bug report. Here is my normal connection (I have pre-shared keys) I'll
> also get
> the information for a usual login as well (will be later tonigh):
>
> 21:06 archangel:/dat_e/pkg> ssh -v nirvana
> OpenSSH_5.9p1, OpenSSL 1.0.1 14 Mar 2012
> debug1: Reading configuration data /home/david/.ssh/config
> debug1: /home/david/.ssh/config line 26: Applying options for nirvana
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to nirvana [192.168.6.17] port 6660.
> debug1: Connection established.
> debug1: identity file /home/david/.ssh/id_rsa type -1
> debug1: identity file /home/david/.ssh/id_rsa-cert type -1
> debug1: identity file /home/david/.ssh/id_dsa type 2
> debug1: identity file /home/david/.ssh/id_dsa-cert type -1
> debug1: identity file /home/david/.ssh/id_ecdsa type -1
> debug1: identity file /home/david/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
> debug1: match: OpenSSH_5.9 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.9
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ECDSA fd:59:75<snipped>0d:6b
> debug1: Host '[nirvana]:6660' is known and matches the ECDSA host key.
> debug1: Found key in /home/david/.ssh/known_hosts:25
> debug1: ssh_ecdsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/david/.ssh/id_rsa
> debug1: Offering DSA public key: /home/david/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 434
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> Authenticated to nirvana ([192.168.6.17]:6660).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions@...
> debug1: Entering interactive session.
> Last login: Sun Apr 22 01:29:55 2012 from ochiltree-d2.3111skyline.com
>
> ====== slightly OT openssl patch =============
>
>   I have also found a 'openssl' 1.0.0 patch for openssl in kdelibs. I
> don't know
> if this has been applied to TDE yet, but I've included that as well in
> case it
> hasn't.

I just tested on my Debian Squeeze system with OpenSSH_5.5p1 and OpenSSL
0.9.8o, and sftp from GIT worked perfectly.  I am going to try a newer
system to see if I can get it to fail.

Tim