Using Remote System Explorer Plugin in S32 Design Studio

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using Remote System Explorer Plugin in S32 Design Studio

Jump to solution
1,729 Views
tbuschendorf
Contributor II

I'm trying to use the S32 Design Studio remotely from a Windos 10 machine to an Ubuntu machine. While trying to establish any kind of remote connection via S32 Design Studio i get an error.

eclipse_ssh.png

Eclipse Community Forums: Newcomers » RSEG1066 Negotiation Failed

That article says that the conncetion is not possible because the Remote System Explorer plugin does not support RSA-SHA2-256 or RSA-SHA2-512 so OpenSSH does not accept the requests.

Has anybody tried something similar?

1 Solution
1,453 Views
tbuschendorf
Contributor II

I didnt get the time to update the version of my ssh server but i found a workaround by adding some line to my /etc/ssh/sshd_config

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256 
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 

This works for me now but is pretty unsecure because i am forcing my ssh server to accept outdated ciphers.

View solution in original post

0 Kudos
Reply
6 Replies
1,454 Views
tbuschendorf
Contributor II

I didnt get the time to update the version of my ssh server but i found a workaround by adding some line to my /etc/ssh/sshd_config

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256 
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 

This works for me now but is pretty unsecure because i am forcing my ssh server to accept outdated ciphers.

0 Kudos
Reply
1,631 Views
jiri_kral
NXP Employee
NXP Employee

Hi, 

I did quick test - and the Remote System Explorer works as expected. I tested it with S32DS foi Power Architecture v2.1:(I'm not sure what's your version). 

jiri_kral_1-1683645193490.png

 

Is ssh server running on your Linux machine and you are able connect to your Linux machine for example by Putty or WinSCP? Your ssh settings is correct (IP address or host name/keys)? 

 

 

 

 

 

0 Kudos
Reply
1,598 Views
tbuschendorf
Contributor II

Hi,

i'm using S32 Design Studio for S32 Platform 3.5 and my SSH Server on the linux host is working correctly and can successfully connect to it via putty or Windows PowerShell. As far as i know the SSH Server is using the default settings on Ubuntu 20.04. I was able to use the FTP connection on RSE but i need the SSH connection.

0 Kudos
Reply
1,590 Views
jiri_kral
NXP Employee
NXP Employee

Hi, 

thank you for sharing details. I tested it with S32DS v3.5 and ssh connection is working as well. Bellow  is my sshd conf file. You can compare it with your conf file (on my side there is nothing to include from /'etc/ssh/sshd_config.d directory). sshd version is 8.4p1.

 

# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

0 Kudos
Reply
1,583 Views
tbuschendorf
Contributor II

Thanks for the help my sshd_config looks identical but i noticed that my ssh version is at 8.2p1 i will try to upgrade it in the next days and will come back to that.

0 Kudos
Reply
1,673 Views
mikedoidge
NXP Employee
NXP Employee

Hello,

We are currently investigating this issue and will get back with you shortly.

Best Regards,

Mike

0 Kudos
Reply