SSL handshake issue with AWS EC2
Hi,
The port number you are accessing is 443; it does not seem to be SSH. What server software is listening on 443? Tera Term does not handle SSL/TLS because Tera Term is SSH client software.
I know that you hope to connect to port 443 of your EC2 server. But what do you want to do? Use a shell via SSH? Entrust the SSL handshake to a piece of software and talk the HTTP protocol manually?
443 is the custom port. When I am trying to connect from the working machine I can see the TCP handshake and then the SSL handshake, but with the non-working machine I can only see the TCP handshake.
The data I captured in Wireshark.
If your "working machine" has Tera Term and it can log in to the EC2 server, I guess the causing factor is not a bug of Tera Term or the ability of Tera Term. It is probably the usage of Tera Term, or the settings of Tera Term, or the settings on the EC2 side, or a network (filtering or firewall) issue.
I read the requirements field and I can see the supported OSes. The working machine has Windows 10 and the non-working one has Server 2019.
Is it correct that there is a limitation?
Requirements
Supported operating systems:
    Microsoft Windows 95 (*1) (*2) (*3) (*4)
    Microsoft Windows 98, 98 Second Edition
    Microsoft Windows Me
    Microsoft Windows NT 4.0 SP6 (*2) (*4)
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows Vista
    Microsoft Windows Server 2003, 2003 R2
    Microsoft Windows Server 2008, 2008 R2
    Microsoft Windows 7
    Microsoft Windows 8
    Microsoft Windows Server 2012
    Microsoft Windows 8.1
    Microsoft Windows Server 2012 R2
    Microsoft Windows 10
About the supported OS list: it is only that we don't have the Windows 2019 Server software and are unable to run and check. We don't intentionally put in limitation code.
Try to check the following:
I tried to capture the traffic in different cases.
1. Windows 10 machine:
2. Windows Server 2016 & 2019:
I am not sure if it's a Tera Term issue or a server issue. But with the Wireshark logs I can clearly say the source is not initiating the SSL handshake request.
I attached the screenshot of Tera Term, showing how I am trying to connect.
Using netcat to check your connection to server from client.
port 22 (SSH)
    nc shell.osdn.jp 22
    SSH-1.99-OpenSSH_6.7p1 Debian-5+deb8u8
port 23 (telnet, Access Denied)
    nc shell.osdn.jp 23
port 80 (WWW)
    nc www.osdn.net 80
    GET / HTTP/1.0

    HTTP/1.1 301 Moved Permanently
    Date: Fri, 10 Jun 2022 13:12:29 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: close
    Server: Apache/2.4.25 (Debian)
    Location: https://osdn.net/
Using telnet
port 22 (SSH)
    telnet shell.osdn.jp 22
    Trying 44.236.100.252...
    Connected to shell.osdn.jp.
    Escape character is '^]'.
    SSH-1.99-OpenSSH_6.7p1 Debian-5+deb8u8
port 23 (telnet, Access Denied)
    telnet shell.osdn.jp 23
    Trying 44.236.100.252...
    telnet: Unable to connect to remote host: Connection timed out
I use 443 to connect and I can telnet to the port perfectly.
I heard Windows 2019 Server has ssh.exe. Can that ssh.exe connect to the server?
Usage of ssh.exe with port number:
    C:\Users\maya>ssh.exe -v shell.osdn.jp 22
    OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
    debug1: Connecting to shell.osdn.jp [44.236.100.252] port 22.
    debug1: Connection established.
    debug1: identity file C:\\Users\\maya/.ssh/id_rsa type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_rsa-cert type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_dsa type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_dsa-cert type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_ecdsa type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_ecdsa-cert type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_ed25519 type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_ed25519-cert type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_xmss type -1
    debug1: identity file C:\\Users\\maya/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_6.7p1 Debian-5+deb8u8
    debug1: match: OpenSSH_6.7p1 Debian-5+deb8u8 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to shell.osdn.jp:22 as 'maya'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CZHWOCUwQFZD+sD41mukreoxzLYhKZffs+EKXDCK1L0
    debug1: read_passphrase: can't open /dev/tty: No such file or directory
    The authenticity of host 'shell.osdn.jp (44.236.100.252)' can't be established.
    ECDSA key fingerprint is SHA256:CZHWOCUwQFZD+sD41mukreoxzLYhKZffs+EKXDCK1L0.
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
Please let us know each of the results:
You can hide the IP address and hostname from the log.
And is your network configuration like this?
[Network diagram. Zones: Your Network | Internet | AWS. Clients: Windows 10, Windows 2016, Windows 2019. Paths: "with TTProxy?" to Web Proxy; "Direct (without proxy)" to GW. Then GW -> Security Group (Inbound rule) -> EC2 Server (sshd:443). Annotation: "All accesses (with/without proxy) are from same IP address?"]
I am using Tera Term version 4.106. I am trying to make a connection to the AWS EC2 instance from a VM; the TCP handshake is happening but the SSL handshake is not happening. I am using SSH port 443 with version 2.
I do not get the user authentication window after hitting connect.
I can connect from the end user machine instead of the VM.
Please let us know if any additional settings are required here.
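
The netcat and telnet checks in this thread rely on an SSH server sending its identification string first, right after the TCP handshake, while an HTTP or TLS server waits for the client. The same check as an added Python example (not code from the thread or from the Tera Term project); `classify_banner` and `probe` are hypothetical names, and the sample bytes are constructed except for the SSH banner quoted above:

```python
import socket

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}


def classify_banner(data: bytes) -> str:
    """Classify the first bytes seen on a TCP stream (hypothetical helper)."""
    if data.startswith(b"SSH-"):
        # SSH identification string, e.g. "SSH-2.0-..." (RFC 4253, section 4.2)
        return "ssh"
    if len(data) >= 3 and data[0] in TLS_RECORD_TYPES and data[1] == 0x03:
        # TLS record header: content type, then version major byte 0x03
        return "tls"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send nothing, and report what the server says first."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"   # no answer to the SYN: filtering or firewall on the path
    except OSError:
        return "tcp-failed"    # refused, unreachable, or name lookup failed
    with sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "silent"    # server waits for the client (HTTP and TLS do this)
        except OSError:
            return "reset"     # connection torn down after the handshake
    if not data:
        return "closed"        # peer closed without sending anything
    return classify_banner(data)


if __name__ == "__main__":
    # Constructed samples; the SSH line is the banner quoted in the thread.
    samples = [
        b"SSH-1.99-OpenSSH_6.7p1 Debian-5+deb8u8\r\n",
        b"\x16\x03\x01\x00\x05",  # start of a TLS handshake record
        b"HTTP/1.1 301 Moved Permanently\r\n",
    ]
    for s in samples:
        print(classify_banner(s), s[:24])
```

Run `probe` from both the working and the non-working client against the same host and port; a differing result points at the network path rather than at the SSH client.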