An update. I didn't find a simpler solution and Zimbra is researching and investigating. If your backups are not working and you can't see your mail queues via the gui console, please reference ZBUG-2191 if you open a support ticket.
It's an incompatibility between the built-in ssh client in mailboxd and the RHEL6/CentOS6 sshd daemon.
Here is the output from the failed conversation with the default sshd if anyone has any ideas:
debug1: Client protocol version 2.0; client software version APACHE-SSHD-2.6.0
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
root cause: userauth_pubkey: unsupported public key algorithm: rsa-sha2-512
userauth_pubkey: unsupported public key algorithm: rsa-sha2-512
followed by:
Connection closed by X.X.X.X
This is the default RHEL6 sshd -T output:
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
macs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
and the working compiled sshd (7.4p1)
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
I was hoping to find a way to downgrade this protocol exchange, but mailboxd is pretty much a mystery to me: how it works and what capabilities it has for unit testing, if any. I am fine with updating my sshd but was hoping to find a simpler solution for those in the community for whom that might not work.
Jim
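
The two `sshd -T` dumps in the post can be compared mechanically. This is an added example, not code from the post or from Zimbra: it parses both dumps (copied verbatim from the post) and reports, per directive, what the two daemons share and which directives list `rsa-sha2-512` at all. The function names are hypothetical.

```python
# Added example: diff two `sshd -T` dumps. Sample text is copied from the post.
LIST_KEYS = ("ciphers", "macs", "kexalgorithms", "hostbasedacceptedkeytypes")

RHEL6_DUMP = """\
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
macs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
"""
SSHD_74_DUMP = """\
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
"""

def parse_sshd_t(text):
    """Return {directive: [algorithms]} for the comma-separated directives."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in LIST_KEYS:
            conf[parts[0].lower()] = [a for a in parts[1].split(",") if a]
    return conf

def compare(old, new):
    """Per directive: algorithms both daemons list, and those only one lists."""
    report = {}
    for key in LIST_KEYS:
        if key not in old and key not in new:
            continue
        a, b = old.get(key, []), new.get(key, [])
        report[key] = {
            "common": [x for x in a if x in b],      # kept in the old daemon's order
            "only_old": [x for x in a if x not in b],
            "only_new": [x for x in b if x not in a],
        }
    return report

def directives_listing(conf, alg):
    """Names of the dumped directives that list `alg` (exact match)."""
    return sorted(k for k, v in conf.items() if alg in v)

if __name__ == "__main__":
    old, new = parse_sshd_t(RHEL6_DUMP), parse_sshd_t(SSHD_74_DUMP)
    for key, r in compare(old, new).items():
        print(f"{key}: common={r['common']}\n  only old={r['only_old']}")
    for name, conf in (("RHEL6 sshd", old), ("sshd 7.4p1", new)):
        print(name, "lists rsa-sha2-512 in:", directives_listing(conf, "rsa-sha2-512") or "nothing")
```

The shared cipher and MAC lists include the `aes128-ctr` and `hmac-sha2-256` that the debug output shows being negotiated, while `rsa-sha2-512` appears only in the 7.4p1 dump, which matches the failure arriving at `userauth_pubkey` rather than during key exchange.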