blog

SSH forward problem - Connection refused

See also: /proc/sys/net/ipv4/ip_unprivileged_port_start

ssh -R1443:web-app:443 vm_test
$ curl https://web-app:1443
curl: (7) Failed to connect to web-app port 1443: Connection refused

or

$ curl https://web-app:1443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to web-app:1443

Error returned on the ssh tunnel console

connect to web-app port 443 failed: Permission denied

Solution

The problem comes from SELinux

On the machine that runs the ssh command

sudo setsebool -P nis_enabled 1
2025/03/24 15:06

SSH problem - symbol lookup error /usr/lib64/libk5crypto.so.3 undefined symbol EVP_KDF_ctrl version OPENSSL_1_1_1b

$ ssh
ssh: symbol lookup error: /usr/lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Solution

unset LD_LIBRARY_PATH
 
# or
 
env LD_LIBRARY_PATH= ssh
alias ssh='env LD_LIBRARY_PATH= ssh'
2025/03/24 15:06

SSH problem - no matching cipher found

$ ssh old-rhel3
Unable to negotiate with UNKNOWN port 65535: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

Solution

ssh -c aes128-cbc old-rhel3

or put Ciphers +aes256-cbc in ~/.ssh/config to avoid having to add -c aes128-cbc every time

~/.ssh/config

Host old-rhel3
        KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
        HostKeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa
        SetEnv TERM=linux
        Ciphers +aes256-cbc
2025/03/24 15:06

SSH problem - no matching key exchange method found

$ ssh root@192.168.10.22 -p22
Unable to negotiate with 192.168.10.22 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

$ ssh root@192.168.10.22 -p22 -oKexAlgorithms=diffie-hellman-group1-sha1
Unable to negotiate with 192.168.10.22 port 22: no matching cipher found. Their offer: 3des-cbc

Solution

Add the arguments:

  • -oKexAlgorithms=diffie-hellman-group1-sha1
  • -c 3des-cbc (see above)

ssh root@192.168.10.22 -p22 -oKexAlgorithms=diffie-hellman-group1-sha1 -c 3des-cbc

Or

$ ssh root@192.168.188.196
Unable to negotiate with 91.121.188.196 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

Solution

ssh -o HostKeyAlgorithms=+ssh-dss root@192.168.188.196

Other

ssh -Q cipher
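
Added example, not part of the original notes: a POSIX sh helper that reads the "Unable to negotiate" messages shown in the two sections above and prints a Host block enabling one legacy algorithm per message, for that host only. The function names and the preference order (least weak offered algorithm first) are assumptions of this example.

```sh
# Added example: map ssh "Unable to negotiate" messages to ssh_config options.
# Preference lists (least weak first) are an assumption of this example.
# pick_first OFFER PREF...: print the first PREF found in comma-separated OFFER.
pick_first() {
    offer=",$1,"; shift
    for algo in "$@"; do
        case "$offer" in
            *",$algo,"*) printf '%s\n' "$algo"; return 0 ;;
        esac
    done
    return 1    # nothing in the offer is on the preference list
}

# ssh_option_for MESSAGE: print one option line, e.g. "Ciphers +aes256-cbc".
ssh_option_for() {
    msg=$1
    case "$msg" in
        *"Their offer: "*) offer=${msg##*Their offer: } ;;
        *) return 1 ;;
    esac
    case "$msg" in
        *"no matching cipher found"*)
            key=Ciphers
            set -- aes256-cbc aes192-cbc aes128-cbc 3des-cbc ;;
        *"no matching key exchange method found"*)
            key=KexAlgorithms
            set -- diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 ;;
        *"no matching host key type found"*)
            key=HostKeyAlgorithms
            set -- ssh-rsa ssh-dss ;;
        *) return 1 ;;
    esac
    algo=$(pick_first "$offer" "$@") || return 1
    printf '%s +%s\n' "$key" "$algo"
}

# host_stanza ALIAS MESSAGE...: print a Host block that applies to ALIAS only.
host_stanza() {
    printf 'Host %s\n' "$1"; shift
    for m in "$@"; do
        opt=$(ssh_option_for "$m") || return 1
        printf '        %s\n' "$opt"
    done
}

# Demo: the two messages quoted on this page for 192.168.10.22.
host_stanza 192.168.10.22 \
    "Unable to negotiate with 192.168.10.22 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1" \
    "Unable to negotiate with 192.168.10.22 port 22: no matching cipher found. Their offer: 3des-cbc"
```

The printed block can be pasted into ~/.ssh/config, so the legacy algorithms stay disabled for every other host.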

2025/03/24 15:06

SMTP problem - 451 internal resource temporarily

$ mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3C15E419BB    94582 Thu Oct  1 17:45:14  jean@acme.fr
(host eu-smtp-inbound-1.mimecast.com[195.130.217.211] said: 451 Internal resource temporarily unavailable - http://kb.mimecast.com/Mimecast_Knowledge_Base/Administration_Console/Monitoring/Mimecast_SMTP_Error_Codes#451 (in reply to RCPT TO command))
                                         CharlesHenry.DeLaRocheFoucault@HackMe.com

Solution:

Wait!

Otherwise, to cancel the delivery (delete the mail)

postsuper -d 3C15E419BB

At first I thought it was an uppercase/lowercase problem: in short, a tr A-Z a-z thing. Then I thought it might come from the REPLY TO field. That is not the case.

2025/03/24 15:06