F-Secure SSH Client for MacOS 9

[Opardalis]

Anybody have a copy? I used this all the time back in the 2000's on OS 9 machines. Very good SSH client. The company is still around, but sort of re-branded themselves around cloud and vpn solutions. After some googling, I found some university sites referencing it, but all the links are dead. I used to have it, but cant seem to find it.

I mainly want to try to see if it behaves better then MacSSH. I cant seem to get MacSSH to connect to any modern UNIX systems.

 

[IPalindromeI]

IIRC, it's SSH1 only, which OpenSSH upstream has mercifully killed. AFAIK, MacSSH is the only SSH2 client.

Now, I've heard rumours of someone porting libssh2 and mbedTLS to the classic Mac OS - watch this space...

 

[MarkT_a1b]

... I've heard rumours of someone porting libssh2 and mbedTLS to the classic Mac OS - watch this space...

Has there been any progress made with the above-referenced port - or any other such?  MacSSH is no longer capable of connecting to my UNIX ISP, which has forced the use of PuTTY on a PeeCee, but I would really like to regain connectivity under Mac OS 9.  Thanks!

 

[CC_333]

Is MacSSH open source?

...goes to check...

Well, it appears to be on Sourceforge, but that doesn't necessarily mean the source code is available, but if it is, maybe one can update it with newer SSH ciphers and such?

Other than that, I'm not sure....

c

 

[PowerPup]

Has there been any progress made with the above-referenced port - or any other such?  MacSSH is no longer capable of connecting to my UNIX ISP, which has forced the use of PuTTY on a PeeCee, but I would really like to regain connectivity under Mac OS 9.  Thanks!

I'm not sure I know what "UNIX ISP" means... Is that a UNIX VPS that you have through your ISP? Do you know how its SSH server is configured, such as which ciphers are allowed?

MacSSH seems to support a fair number of encryption ciphers and message authentication codes (macs): http://chombier.free.fr/MacSSH/SSH_info.html

Features:
 - DEC VT100, VT220, ANSI and Linux Terminal emulations
 - SSH2 protocol support
 - Local and Remote Port Forwarding support
 - Key exchange: Diffie-Hellman group-exchange protocol & Diffie-Hellman group1-sha1
 - Key types: ssh-rsa, ssh-dss
 - Key pairs generation: SSH2 DSA & RSA.
 - Strict host key checking
 - SSH2 ciphers: 3DES, Blowfish, CAST128, Arcfour, AES (128, 192, 256)
 - Supported macs: md5, md5-96, sha1, sha1-96, ripemd160
 - AppleScript support

If we could figure out what your UNIX box supports, or if you have admin privileges to edit the SSH server's settings, you could get MacSSH working again. (Granted, it'd be more secure to get MacSSH updated than to lower the accepted cipher standards on your UNIX box.)

I'm currently taking a Computer Security course as an elective for my Senior year. We recently did a project on our own variant of the DES cipher. (3DES is just doing it 3 times using cipher block chaining.) Maybe this summer I'll look at setting up a development environment for MacSSH or something.

But without knowing what needs to be implemented there's little point. The only thing I can currently guess is that MacSSH doesn't support the SHA-2 family of macs. (SHA-256, SHA-512, etc.)

Oh, and it looks like someone uploaded MacSSH's code to GitHub: https://github.com/macssh/macssh

 

[MarkT_a1b]

Thanks for the spot-on info., PowerPup! Here is a recent PuTTY connection log, with dates and times removed for clarity:

Looking up host "host.name"

Connecting to [server IP address] port 22

Server version: SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901

Using SSH protocol version 2

We claim version: SSH-2.0-PuTTY_Release_0.62

Doing Diffie-Hellman group exchange

Doing Diffie-Hellman key exchange with hash SHA-256

Host key fingerprint is:

ssh-rsa 2048 ab:a4:44:94:63:c9:b8:0f:ca:44:eb:2a:1a:75:ba:5f

Initialised AES-256 SDCTR client->server encryption

Initialised HMAC-SHA1 client->server MAC algorithm

Initialised AES-256 SDCTR server->client encryption

Initialised HMAC-SHA1 server->client MAC algorithm

Attempting keyboard-interactive authentication

Access granted

Opened channel for session

Allocated pty (ospeed 38400bps, ispeed 38400bps)

Started a shell/command

Server sent command exit status 0

[SIZE=12pt]Disconnected: All channels closed[/SIZE]

---------------------------

[SIZE=12pt]MacSSH is so far encountering authentication errors, but I will continue to experiment and report back.  MarkT[/SIZE]

 

[MarkT_a1b]

... [SIZE=12pt]MacSSH is so far encountering authentication errors, but I will continue to experiment and report back.  MarkT[/SIZE]

[SIZE=12pt]Here is what I have tried lately with MacSSH:[/SIZE]

[SIZE=12pt]Created new private and public keys, and uploaded the latter, after executing the following commands on the SSH2 server:[/SIZE]

[SIZE=12pt]> mkdir .ssh[/SIZE]

[SIZE=12pt]> chmod 700 .ssh[/SIZE]

At administrator's recommendation, deleted the first and last lines of MacSSH public key ([SIZE=10pt]---- BEGIN SSH2 PUBLIC KEY ---- and ---- END SSH2 PUBLIC KEY ----[/SIZE]), and prefixed first line with [SIZE=10pt]ssh-rsa [/SIZE]<space> (just ahead of AAAA).

Renamed file to  "authorized_keys" (no quotes), and then uploaded that file to the above-created .ssh directory.

[SIZE=12pt]Meanwhile, here are the specifications of the SSH2 server:[/SIZE]

[SIZE=12pt]Server version: SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901[/SIZE]
 

[SIZE=12pt]This makes me think that MacSSH *should* work - if properly configured.[/SIZE]

In any case, I do have MacSSH logs that I would be willing to share back-channel, if anyone is interested.

Thanks!  MarkT

 

[techknight]

I have been wanting to run MacSSH, but not sure if it would support my server either. 

It is setup to login using Putty with keyset, and not a password. 

 

[MarkT_a1b]

It is setup to login using Putty with keyset, and not a password. 

That is exactly what I have been doing, but I have to stoop to using PuTTY on a *PeeCee* to do it. <grin>  (BTW, my remote UNIX server calls that type of authentication "keyboard-interactive.")

I *could* re-boot the G4 under Mac OS Ex, and then use the Terminal, but considering the other programs that I normally have running at the same time, I would much prefer to remain under OS 9.

[SIZE=12pt]In any case, considering that the remote server is running SSH 2.0, MacSSH *should* be able to connect to it.  [/SIZE]Stay tuned....  MarkT

 

[MarkT_a1b]

Here follows a MacSSH connection log that I previously sent back-channel to a knowledgeable source, but since it contains no sensitive personal information, I will re-post it here:

Below is what I believe to be the relevant portion of the MacSSH log.  I have encryption turned off, with authentication set to cycle through the available methods.  It looks to me as though the client and server begin to communicate, followed by an attempt to exchange keys, but for some reason that fails.  I have tried three [and by now five] variations of the MacSSH-produced public key file: exactly as exported; with the first and last (comment) lines deleted, and the suggested ssh-rsa prefix ahead of AAAA; and exactly as exported, except for the addition of just the above-referenced ssh-rsa prefix.

lsh: Initiating handshake with shell.qozzy.net
lsh: empty_resource_list: created 3d2ea998
lsh: io.c: Preparing fd 9 for reading and writing
lsh: do_arcfour_random_slow: Initalizing randomness pool.
lsh: Client version: SSH-2.0-lsh_1.3.4 - a free ssh2 on MacOS9

lsh: Server version: SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901
lsh: Received KEXINIT message. Key exchange initated.
lsh: Selected keyexchange algorithm: diffie-hellman-group1-sha1 with hostkey algorithm: ssh-rsa
lsh: keyexchange.c:209: Unknown: Raising exception Algorithm negotiation failed. (type 4096), using handler installed by connection.c:282: Unknown
lsh: Protocol error: Algorithm negotiation failed.
lsh: connection.c:214: Unknown: Raising exception Stop reading (type 65538), using handler installed by handshake.c:362: Unknown
lsh: io.c: close_fd_nicely called on fd 9: connected socket
lsh: io.c: Closing fd 9: connected socket.
lsh: Connection died.

-----------------

I have also tried various other MacSSH settings, including terminal type, and even though http://chombier.free.fr/MacSSH/SSH_info.html (as cited above) says that the program supports Diffie-Hellman group1-sha1 and key types ssh-rsa and ssh-dss, I am beginning to believe that it is not quite up to connecting with the remote server's SSH-2.0-OpenSSH_6.1_hpn13v11 - as also cited above.

Comments and suggestions are most welcome.  Thanks!  MarkT

 

[techknight]

thats because the server is requesting an algorithm that is newer and doesnt exist in MacSSH. Personally, I think its SHA1 because its broken and not really supported anymore. 

 

[MarkT_a1b]

I think its SHA1 because its broken and not really supported anymore.

The remote UNIX server claims to be using SHA1.  In any case, if the source code is indeed available at https://github.com/macssh/macssh - then perhaps some intrepid coder can modify and recompile it for compatibility with current SSH 2.0 servers.  Here's hoping....

 

[PowerPup]

So I looked up OpenSSH's FreeBSD man page: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

(I've made some lines bold and/or italic for emphasis.)

KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Multiple
algorithms must be comma-separated. Alternately if the specified
value begins with a `+' character, then the specified methods
will be appended to the default set instead of replacing them.
The supported algorithms are:

curve25519-sha256@libssh.org
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

The default is:

curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1

The list of available key exchange algorithms may also be
obtained using the -Q option of ssh(1) with an argument of
``kex''.

MacSSH appears to be failing during the Key Exchange Algorithm Negotiation because, although "diffie-hellman-group1-sha1" is supported, OpenSSH does not have it enabled by default. (But it does have "diffie-hellman-group-exchange-sha256" enabled which PuTTY supports.) See if you can get your server to allow diffie-hellman-group1-sha1 and then check how far MacSSH gets.

 

[IPalindromeI]

Keep in mind this won't last forever; OpenBSD upstream aggressively removes support for older busted crypto.

The ideal would be for someone to graft a newer lsh onto MacSSH, graft a modern SSH stack onto MacSSH, or just backport protocols.

 

[MarkT_a1b]

The ideal would be for someone to graft a newer lsh onto MacSSH, graft a modern SSH stack onto MacSSH, or just backport protocols.

That is beyond my abilities and facilities, but if someone is willing to take a stab at it, I will be more than happy to test the Alpha, Beta and "release" versions.  Any takers?? <g>