Hi,

Looks like I rushed in to conclusions too early afterall :).

$ echo Host jpl0374.local >> ~/.ssh/config
$ echo Ciphers +aes128-cbc >> ~/.ssh/config
$ ssh ovms@jpl0374.local
The authenticity of host 'jpl0374.local (192.168.0.157)' can't be established.
RSA key fingerprint is SHA256:ySo795OLgEvIXqhzR+nh7wqy82ohg4Bw0rh0DE1bsC8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'jpl0374.local,192.168.0.157' (RSA) to the list of known hosts.
ovms@jpl0374.local's password:

Welcome to the Open Vehicle Monitoring System (OVMS) - SSH Console
Firmware: 3.2.005-81-g00ab9db/ota_1/edge
Hardware: OVMS WIFI BLE BT cores=2 rev=ESP32/1

OVMS#

I can't believe how did I miss this clear note...:

A note about OpenSSH: with version 6.6, cipher aes128-cbc has been disabled by default and needs to be enabled manually, either on the command line:

ssh -c aes128-cbc user@ip

…or by adding a host entry to your ~/.ssh/config.

Regards,

Jaunius

Sent: Sunday, October 27, 2019 at 7:49 PM
From: "Michael Balzer" <dexter@expeedo.de>
To: ovmsdev@lists.openvehicles.com
Subject: Re: [Ovmsdev] SSH Access

…or allow the cipher manually as shown in the documentation:

https://docs.openvehicles.com/en/latest/userguide/console.html#ssh-console

Am 27.10.19 um 18:45 schrieb Michael Balzer:

Jaunius,

I don't see your explanation… that note just tells you you can ssh via GSM into the module if your data plan supports it, which has btw been done successfully by some users and is considered useful.

If you have correctly put your public key into the config store as documented, maybe you've missed the cipher deprecation issue.
You need to add a host entry to your ~/.ssh/config like this:

> cat ~/.ssh/config
Host dexze85.local
Ciphers +aes128-cbc

Regards,
Michael

Am 27.10.19 um 18:38 schrieb Jaunius Kapkan:
Okay, this explains it :)

https://raw.githubusercontent.com/openvehicles/Open-Vehicle-Monitoring-System-3/master/vehicle/OVMS.V3/knownissues.txt
* SSH, TELNET, and WEBSERVER all register listeners for incoming calls. There
  is a possible security issue here as those calls may come over cellular
  networks (not just wifi). There is no firewalling of these calls. It seems
  that the correct approach to this is to validate the destination IP to
  make sure it is a wifi interface IP address; but this is not currently
  done.
Sent: Sunday, October 27, 2019 at 7:33 PM
From: "Jaunius Kapkan" <jaunius@gmx.com>
To: ovmsdev@lists.openvehicles.com
Subject: [Ovmsdev] SSH Access

Hi,

I have been strugling getting SSH working for some time now. Tried both password access and key auth. I think the same issue was discussed before for V3, but I have not seen the final rezolution.

Verbose output from client side:

debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: no match: wolfSSHv1.1.0
debug1: Authenticating to 192.168.0.157:22 as 'ovms'
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 192.168.0.157 port 22

Regards,

Jaunius

_______________________________________________ OvmsDev mailing list OvmsDev@lists.openvehicles.com http://lists.openvehicles.com/mailman/listinfo/ovmsdev
_______________________________________________
OvmsDev mailing list
OvmsDev@lists.openvehicles.com
http://lists.openvehicles.com/mailman/listinfo/ovmsdev
--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
_______________________________________________
OvmsDev mailing list
OvmsDev@lists.openvehicles.com
http://lists.openvehicles.com/mailman/listinfo/ovmsdev

--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26

_______________________________________________ OvmsDev mailing list OvmsDev@lists.openvehicles.com http://lists.openvehicles.com/mailman/listinfo/ovmsdev