Perhaps the following is helpful in tracing the problem. It is an excerpt from /var/log/auth.log covering the ssh login from the iPad on the server (srv01) in the situation described earlier, logged at LogLevel DEBUG3:
Mar 23 08:33:14 srv01 sshd[1782]: Connection from ***.***.***.66 port 59484 on ***.***.***.34 port ***22 Mar 23 08:33:14 srv01 sshd[1782]: debug1: Client protocol version 2.0; client software version OpenSSH_5.4 Mar 23 08:33:14 srv01 sshd[1782]: debug1: match: OpenSSH_5.4 pat OpenSSH_5* compat 0x0c000000 Mar 23 08:33:14 srv01 sshd[1782]: debug1: Enabling compatibility mode for protocol 2.0 Mar 23 08:33:14 srv01 sshd[1782]: debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.1 Mar 23 08:33:14 srv01 sshd[1782]: debug2: fd 3 setting O_NONBLOCK Mar 23 08:33:14 srv01 sshd[1782]: debug2: Network child is on pid 1783 Mar 23 08:33:14 srv01 sshd[1782]: debug3: preauth child monitor started Mar 23 08:33:14 srv01 sshd[1782]: debug3: privsep user:group 104:65534 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: permanently_set_uid: 104/65534 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: list_hostkey_types: ssh-ed25519,ssh-rsa [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: SSH2_MSG_KEXINIT sent [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: SSH2_MSG_KEXINIT received [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: ssh-ed25519,ssh-rsa [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes256-ctr,aes192-ctr [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes256-ctr,aes192-ctr [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: none,z...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: none,z...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: reserved 0 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-512,hmac-sha2-256-...@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: hmac-sha2-512-...@openssh.com,hmac-sha2-512,hmac-sha2-256-...@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: zlib,z...@openssh.com,none [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: zlib,z...@openssh.com,none [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug2: kex_parse_kexinit: reserved 0 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: kex: client->server aes192-ctr hmac-sha2-512-...@openssh.com z...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: kex: server->client aes192-ctr hmac-sha2-512-...@openssh.com z...@openssh.com [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_request_send entering: type 0 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_request_receive_expect entering: type 1 [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_request_receive entering [preauth] Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_request_receive entering Mar 23 08:33:14 srv01 sshd[1782]: debug3: monitor_read: checking request 0 Mar 23 08:33:14 srv01 sshd[1782]: debug3: mm_answer_moduli: got parameters: 1024 1536 2048 Mar 23 08:33:14 srv01 sshd[1782]: WARNING: no suitable primes in /etc/ssh/primes -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1528251 Title: WARNING: no suitable primes in /etc/ssh/primes Status in openssh package in Ubuntu: Incomplete Bug description: For instance when the KexAlgorithms option in sshd_config is set to include Diffie Hellman group exchange (e.g. diffie-hellman-group-exchange-sha256), and the /etc/ssh/moduli file is regenerated to include only 4096 bit primes, the ssh server may log the above warning message to /var/log/auth.log, probably because the ssh client trying to log in does not allow for the use of 4096 bit primes during the key exchange. The alleged problem is the reference to /etc/ssh/primes instead of /etc/ssh/moduli. It would appear that the file /etc/ssh/primes is neither used by ssh server, nor documented. I note that this error appears to have been reported in several places on the web in the past years, but to no avail (e.g. http://misc.openbsd.narkive.com/tZPNEoZk/no-suitable-primes) Release: Ubuntu 14.04.3 LTS Package: openssh-server, Version: 1:6.6p1-2ubuntu2.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1528251/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
