Can not login with SHHSH to ONE device
Hi,
Could you please let us know how negotiate Tera Term and the firewall.
Please set LogLevel=100 in TERATERM.INI and try to connect, show us log file "TTSSH.log."
Hi
I replied to your e-mail 25.02.2016 with the requested file, but it looks like it has not been added to this case. I will attached here and hopefully you can find the reason for the problem.
Thanks in advance
Thank you for your cooperation and log file.
Tera Term (TTSSH) seems not have a problem.
WORKAROUND:
Change the order of HostKey, move the ecdsa-sha2-nistp384 before the ecdsa-sha2-nistp256.
ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ecdsa-sha2-nistp521 ...
Detail:
LOG shows
client proposal: server host key algorithm: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss server proposal: server host key algorithm: ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
TTSSH parses above proposals as 'ecdsa-sha2-nistp256.'
This behavior is correct. But peer side (server side) parses as 'ecdsa-sha2-nistp384.'
type mismatch for decoded server_host_key_blob (kex:ecdsa-sha2-nistp256 blob:ecdsa-sha2-nistp384) @ handle_SSH2_dh_gex_reply
Hi and thanks for your fast reply.
Can you please tell me where I can do the workaround. - Change the order of HostKey. Where is the "ecdsa-sha2-nistp384 ...." stored?
Menu Setup->SSH->HostKey order.
To keep this config, please save setup from menu "Setup"->"Save setup"
Hi
Thanks for your answer and now it looks much better. Do you think this is a problem related to the firewall - that means - should I report that as an error to the firewall developer?
Another question: Is it possible to move all the config files either to the users directory %userprofile%\AppData\Local\Tereterm or to the ProgramData folder in c:\ProgramData\terraterm? As I am not running as local admin, I don't have (when logged in as me) permission to update ex. ssh_known_hosts?
Thanks a lot for helping.
Do you think this is a problem related to the firewall - that means - should I report that as an error to the firewall developer?
Yes.
move all the config files either to the users directory
new ticket #36575
Hi
I have until now used v4.86 but have today installed v4.86 on my new PC. I have had the same problem with v4.86 as well. I can log on to all my firewalls, but not one. The error message I get is: "type mismatch for decoded server_hos_key_blob (Kex:ecdsa-sha2-nistp256 blob:ecdsa-sha2-nistp384) @ handle_SSH_dh_gex_reply"
My other Sonicwall firewalls are working fine. I have managed to connect to the "bad" firewall using another SSH program.
I also have contacted Sonicwall support and they think there must be a problem in the program.
What can I do to sort out if it is "Tera Term" causing the problem? Do you want a packet trace of the communication?
I am not sure if that should have been submitted as a Bug report - I thought it maybe is the be best option to first conclude that the problem really is by Tera Term.
Have a nice day.
Thanks in advance