staging.inyokaproject.org

pesobs schrieb:

ich habe neue Schlüssel generiert...

Evtl. hat der SSH-Server dann ein Problem mit dem "neuen" id_rsa.pub.

Hast Du noch den alten rsa-Schlüssel?

Die alten Schlüssel habe ich nicht mehr. Wurde denn das Format der Schlüssel zwischen Ubuntu 20.04 und 22.04 verändert?

Was mir da noch einfällt, in der Datei /etc/ssh/config musste ich folgende Einträge ergänzen:

  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

Ohne diese Einträge, zumindest den ersten der beiden, kam eine Meldung, dass kein Schlüssel ausgehandelt werden könne:

Unable to negotiate with 192.168.178.26 port 22: no matching host key type found. Their offer: ssh-rsa

pesobs schrieb:

Wurde denn das Format der Schlüssel zwischen Ubuntu 20.04 und 22.04 verändert?

Lt. deinem Problem, ja.

pesobs schrieb:

Was mir da noch einfällt, in der Datei /etc/ssh/config musste ich folgende Einträge ergänzen:

  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

D. h., ssh-rsa gehört nicht mehr zum Standard:

Alternately if the specified value begins with a '+' character, then the key types after it will
             be appended to the default instead of replacing it.

BTW: Siehe in der manpage für ssh_config.

Dass man jahrelang genutzte Schlüsselformate ändert, fände ich ungewöhnlich. Deutet das nicht eher auf einen Fehler in OpenSSH hin?

Nein, das ist gewollt, vgl. https://www.openssh.com/txt/release-8.8:

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
	PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Danke für den LINK!

dort steht aber auch folgendes:

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
	PubkeyAcceptedAlgorithms +ssh-rsa

Diese beiden Angaben hatte ich in der config ergänzt, und trotzdem wird das Passwort abgefragt. Oder muss das für einen ganz konkreten Host, in diesem Fall 192.168.178.26 angegeben werden?

pesobs schrieb:

Diese beiden Angaben hatte ich in der config ergänzt, und trotzdem wird das Passwort abgefragt. Oder muss das für einen ganz konkreten Host, in diesem Fall 192.168.178.26 angegeben werden?

Ja, solche Ausnahmen sollte man wie in dem Changelog angegeben für einen konkreten Host definieren.

Falls es dann immer noch hakt könntest du ssh mal noch etwas gesprächiger machen (man kann bis zu -vvv gehen, aber -vv sollte genügen, um zu sehen, was der Server an Algorithmen anbietet):

$ ssh -vv -o "PasswordAuthentication no" root@192.168.178.26 

Habe jetzt die /etc/ssh/ssh_config ergänzt; so wie angegeben Host-spezifische Parameter zuerst:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Include /etc/ssh/ssh_config.d/*.conf

Host 192.168.178.26
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

Der Aufbau einer Verbindung ohne Passwort-Eingabe geht leider trotzdem immer noch nicht; "Permission Denied"

peter@latitude:/etc/ssh$ ssh -vv -o "PasswordAuthentication no" root@192.168.178.26
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 18: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 20: Applying options for 192.168.178.26
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.178.26 is address
debug1: Connecting to 192.168.178.26 [192.168.178.26] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 0
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519 type 3
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_xmss type -1
debug1: identity file /home/peter/.ssh/id_xmss-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type 1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
debug1: compat_banner: no match: dropbear_2016.74
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.178.26:22 as 'root'
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: compression ctos: zlib@openssh.com,none
debug2: compression stoc: zlib@openssh.com,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:mm9Ysui5dGO4zX+m7TOBm0SOpPDBbS/aba/MKt8CZ5o
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.178.26' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-dss key /home/peter/.ssh/id_dsa - corresponding algo not in PubkeyAcceptedAlgorithms
debug1: Will attempt key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Will attempt key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa 
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/peter/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/peter/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/peter/.ssh/id_ed25519_sk
debug1: Trying private key: /home/peter/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root@192.168.178.26: Permission denied (publickey,password).

Was mache ich nur falsch???

Kannst du mal mit nmap schauen, was der Server so alles kann:

nmap --script ssh2-enum-algos -sV -p  22 192.168.178.26 

Klappt es eventuell, wenn du einen schwächeren Key-Exchange Algorithmus dazu nimmst?

ssh -vvv -oKexAlgorithms=+diffie-hellman-group14-sha1 root@192.168.178.26 

Hier die Ausgabe zu dem erstgenannten Kommando

peter@latitude:~$ nmap --script ssh2-enum-algos -sV -p  22 192.168.178.26
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-17 22:17 CEST
Nmap scan report for vuduo2.fritz.box (192.168.178.26)
Host is up (0.00038s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     Dropbear sshd 2016.74 (protocol 2.0)
| ssh2-enum-algos: 
|   kex_algorithms: (7)
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp521
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp256
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|       kexguess2@matt.ucc.asn.au
|   server_host_key_algorithms: (1)
|       ssh-rsa
|   encryption_algorithms: (9)
|       aes128-ctr
|       aes256-ctr
|       aes128-cbc
|       aes256-cbc
|       twofish256-cbc
|       twofish-cbc
|       twofish128-cbc
|       3des-ctr
|       3des-cbc
|   mac_algorithms: (5)
|       hmac-sha1-96
|       hmac-sha1
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-md5
|   compression_algorithms: (2)
|       zlib@openssh.com
|_      none
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.52 seconds
peter@latitude:~$ 

Und hier die Ausgabe auf das zweitgenannte Kommando; endet wieder mit Passwortabfrage.

peter@latitude:~$ ssh -vvv -oKexAlgorithms=+diffie-hellman-group14-sha1 root@192.168.178.26
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 18: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 20: Applying options for 192.168.178.26
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.178.26 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/peter/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/peter/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.178.26 [192.168.178.26] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 0
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519 type 3
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_xmss type -1
debug1: identity file /home/peter/.ssh/id_xmss-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type 1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
debug1: compat_banner: no match: dropbear_2016.74
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.178.26:22 as 'root'
debug3: record_hostkey: found key type RSA in file /home/peter/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from 192.168.178.26
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-md5
debug2: compression ctos: zlib@openssh.com,none
debug2: compression stoc: zlib@openssh.com,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:mm9Ysui5dGO4zX+m7TOBm0SOpPDBbS/aba/MKt8CZ5o
debug3: record_hostkey: found key type RSA in file /home/peter/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from 192.168.178.26
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.178.26' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 3 keys
debug1: Skipping ssh-dss key /home/peter/.ssh/id_dsa - corresponding algo not in PubkeyAcceptedAlgorithms
debug1: Will attempt key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Will attempt key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa 
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/peter/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/peter/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug3: no such identity: /home/peter/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/peter/.ssh/id_ecdsa_sk
debug3: no such identity: /home/peter/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/peter/.ssh/id_ed25519_sk
debug3: no such identity: /home/peter/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/peter/.ssh/id_xmss
debug3: no such identity: /home/peter/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@192.168.178.26's password: