I just updated my F22 machine from openssh-6.9p1-7.fc22.x86_64 to 6.9p1-8.fc22.x86_64 and ssh to any host fails with: ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching key exchange method found I find when I run kdestroy first, ssh works fine but of course without a principal the remote server can't read my home directory so I have to do password auth. The error occurs regardless of whether the remote host even supports kerberos. The logs aren't too huge, so I'll just paste them here. > ssh -vvv localhost OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015 debug1: Reading configuration data /home/tibbs/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: /etc/ssh/ssh_config line 81: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_rsa-cert type -1 debug1: identity file /home/tibbs/.ssh/id_dsa type 2 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/tibbs/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9 debug1: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000 debug2: fd 4 setting O_NONBLOCK debug1: Authenticating to localhost:22 as 'tibbs' debug3: Trying to reverse map address 127.0.0.1. debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q== debug3: hostkeys_foreach: reading file "/home/tibbs/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/tibbs/.ssh/known_hosts:70 debug3: load_hostkeys: loaded 1 keys from localhost debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts" debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01,ssh-rsa-cert-v00,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,(null) debug2: kex_parse_kexinit: ssh-rsa-cert-v01,ssh-rsa-cert-v00,ssh-rsa,ecdsa-sha2-nistp256-cert-v01,ecdsa-sha2-nistp384-cert-v01,ecdsa-sha2-nistp521-cert-v01,ssh-ed25519-cert-v01,ssh-dss-cert-v01,ssh-dss-cert-v00,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss,null debug2: kex_parse_kexinit: chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se debug2: kex_parse_kexinit: chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se debug2: kex_parse_kexinit: umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: none,zlib,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256 debug2: kex_parse_kexinit: chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm debug2: kex_parse_kexinit: chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm debug2: kex_parse_kexinit: umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-sha1-etm,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug1: kex: server->client chacha20-poly1305 <implicit> none debug1: kex: client->server chacha20-poly1305 <implicit> none ssh_dispatch_run_fatal: Connection to 127.0.0.1: no matching key exchange method found
Some additional info. It's been pointed out that somehow localhost might be special. The host I use doesn't matter. ssh fails using hostnames, FQDNs or IP addresses to any host, regardless of what the server appears to be running. (Fails even to a RHEL5 machine, the oldest thing I have on hand.) I can provide a log for something that's not localhost if that would be useful. The problem still happens if I kdestroy and kinit to get a new principal, though of course it does work if I just do "kdestroy". Though the dates on sshd_config and moduli changed in the update, their contents don't differ. I have made no local modification to sshd_config. Even if I manually configure a machine with GSSAPIAuthentication no, or pass that on the command line, ssh still fails.
Hello. Thanks for the report. There were several changes during last few upstream releases and I probably screw up the backport from upstream version (hope it work there) of this patch and missed this use case. Can you try this scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=11349771
Yes, that build appears to work for me. Unfortunately it's not easy for me to try other releases as I can't reproduce the problem on any other machine; otherwise I'd try out F23 or rawhide. Though I guess I could just rebuild the rawhide openssh package. I'll do that and let you know how it goes. Though, just to satisfy my curiosity, could you let me know where the issue actually lies? I'd really like to know what's special about this one machine.
I was trying to reproduce the same thing during afternoon, but finally I see your problem from f22 with ticket and gssapi keyexchange configured to rawhide without gssapi keyexchange configured. The problem was that upstream moved the definition of default mechanisms between versions (6.9 and 7.0 if I am right, now difference between Fedora 22 and Fedora 23) and the bug was that I have overwrote the default key exchange methods with gssapi key exchange methods and the intersection between these two was empty, as visible in your logs: > debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,(null) > debug2: kex_parse_kexinit: curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 I reverted on of the commits and tested also the scratch build and it solved the issue.
openssh-6.9p1-9.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-8ca92cd6e2
Anyway if you hit this issue, you can workaround it by setting GSSAPIKeyExchange no
openssh-6.9p1-9.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update openssh' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-8ca92cd6e2
openssh-6.9p1-9.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.