No interactive login happening?

I'm trying to do a very simple SSH tunnel:

ssh -L44301:someremotehosthere:someport -p2222 myuser@myFQDN

I can run the above on commandline and everything works as expected. Here are the commands I run:

  1. SSH prompts for my password (my company won't allow us to store SSH keys on this server)
  2. the remote server prompts for DUO 2FA
  3. I click #1 on the keyboard to allow DUO PUSH (or #2 to have DUO call me, or #3 for txt)
  4. DUO sends the 2FA, responds back to the server and then it lets me in.
  5. I can then (from my workstation), go to my localhost tunnel to get to where I need it to go.

With Core Tunnel, I tried to set this up and receive the following:


Equivalent Command: ssh -L 44301:someremotehosthere:someport -o ServerAliveCountMax=3 -o ChallengeResponseAuthentication=yes -o PasswordAuthentication=yes -o ServerAliveInterval=15 -o PreferredAuthentications=keyboard-interactive,password -p 2222 @
21:51:39 Connecting…
21:51:39 Using Core Helper 4.8 (r48)
21:51:39 Authenticating…
21:51:39 Unable to negotiate with port 2222: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
21:51:39 Abnormal Disconnect
21:51:39 Connection failed, retry after 3s…

I've attempted to adjust the settings and ended up with Core Tunnel generating the following:

ssh -L 44301:someremotehosthere:someport -o ServerAliveCountMax=3 -o ChallengeResponseAuthentication=yes -o PasswordAuthentication=yes -o ServerAliveInterval=15 -o PreferredAuthentications=keyboard-interactive,password -p 2222 @

What else could I be doing to make this work?

I thought SSH Tunnel.app used to prompt me with an interactive login. I am thinking that Core Tunnel likely does this too.

Does anyone have suggestions for me?

Core Tunnel v2.5, Release Date: 2020-09-27

I am running macOS 10.15.6, which includes OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008. btw, really? Is mac packaging the opensource rhel version of SSH and recompiling its source? heh... either that OR I had once installed fink or brew or something to get that package.

Hi Joe,

The connection failed at key exchange stage.

The algorithms diffie-hellman-group*-sha1 were deprecated by OpenSSH 7.0+.

To suppress this error message, just set the KexAlgorithms option in Core Shell to +diffie-hellman-group1-sha1.

I would rather recommend that you change to other, more secure algorithms at the server end once you get a chance.

Yang
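
The log in the question shows the server offering three SHA-1 key exchanges. As an added example (not from this thread or from Core Tunnel), the Python below parses that error line, picks the least-weak algorithm on offer, and emits an ssh_config stanza that re-enables it for that one host only, so the downgrade does not apply to every connection. The preference order and the alias `legacy-tunnel` are assumptions of the example, and it selects group14 where the reply above names group1.

```python
import re

# Legacy SHA-1 key exchanges, best first. The ordering is this example's
# assumption: group14 is a fixed 2048-bit group, group-exchange negotiates the
# group size, and group1 is a fixed 1024-bit group, so it is the last resort.
LEGACY_KEX_PREFERENCE = [
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]

OFFER_RE = re.compile(
    r"no matching key exchange method found\.\s*Their offer:\s*(\S+)")

def parse_offer(log_line):
    """Return the server's offered KEX algorithms from an ssh error line."""
    match = OFFER_RE.search(log_line)
    if not match:
        return []
    return [alg for alg in match.group(1).split(",") if alg]

def pick_kex(offered):
    """Pick the least-weak legacy algorithm the server offers, or None."""
    for alg in LEGACY_KEX_PREFERENCE:
        if alg in offered:
            return alg
    return None

def host_stanza(alias, hostname, port, log_line):
    """Build an ssh_config block enabling one extra KEX for one host only."""
    kex = pick_kex(parse_offer(log_line))
    if kex is None:
        raise ValueError("no known legacy KEX in the server's offer")
    return "\n".join([
        f"Host {alias}",
        f"    HostName {hostname}",
        f"    Port {port}",
        f"    KexAlgorithms +{kex}",
    ]) + "\n"

# Error line copied from the log in the question above.
SAMPLE = ("21:51:39 Unable to negotiate with port 2222: no matching key "
          "exchange method found. Their offer: diffie-hellman-group-exchange-sha1,"
          "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")

if __name__ == "__main__":
    # "legacy-tunnel" is a hypothetical alias; myFQDN and 2222 are from the post.
    print(host_stanza("legacy-tunnel", "myFQDN", 2222, SAMPLE), end="")
```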

That worked perfectly! Thank you Yang!

On a side-note, I talked with my sysadmins RE: the cipher, so we are also working on fixing/improving that in the near future.
