
Re: [SUPPORT REQUEST] Configuration of libssh host key algos on client


On Mon, 2020-05-25 at 15:52 +0000, Sebastian Kraust wrote:
> Hello libssh-team,
> 
> I am currently working on a project using libssh under the hood, but
> have problems getting it to work. I hope you can provide some help.
> 
> Task
> Write a client for an existing server which cannot be
> changed/configured by me.
> 
> Approach
> Connect to the server using the function `ssh_connect`.
> 
> Error
> kex error : no match for method server host key algo: server [ssh-rsa], client [ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256]
> 
> Problem
> Due to the restriction that I can only change the client side, I have
> to change the client so that it accepts the ssh-rsa algo.
> According to the docs, it should be capable of doing so.
> 
> Troubleshooting so far
> Added
> PubkeyAcceptedKeyTypes ssh-ed25519*,ssh-rsa*,ssh-dss*,ecdsa-sha2
> to /etc/ssh/sshd_config to allow every algo on the client side.
> 
> I still get the same error. I do believe that the config might not be
> the correct file to configure libssh.
> 
> Can you give me some direction where I have to configure libssh so
> that the client also accepts the ssh-rsa algorithm? If you need more
> information, please let me know.

The server is configured to accept only secure algorithms (eddsa, ecdsa
and rsa with sha2 -- rsa-sha2-512,rsa-sha2-256). You probably
configured your client to use only the old (ssh-rsa), which is not
compatible with the new ones (and not considered secure anymore).

If you need some backward compatibility with old servers, append the
SHA2 (rsa-sha2-512,rsa-sha2-256) algorithms, otherwise use only them.

Regards,
Jakub

> Thanks for your help in advance.
> 
> 
> Mit freundlichen Grüßen / Best regards
> 
> i.A. Sebastian Kraust
> Forschungsingenieur / Research Engineer
> 
> b-plus GmbH
> Osterhofener Str. 13 | 93055 Regensburg
> Tel +49 941 46624 208 | Fax +49 991 270302 99
> sebastian.kraust@xxxxxxxxxx
> 
> Besucheradresse / Visitor address:
> b-plus automotive GmbH
> Osterhofener Str. 13, 93055 Regensburg, Germany
> 
> 
> b-plus GmbH
> Geschäftsführer / Managing Director: Dipl.-Ing.(FH) Michael Sieg
> Gerichtsstand /Handelsregister / Place of jurisdiction / Commercial
> register: HRB 1753 Deggendorf / Germany
> This e-mail may contain confidential and/or privileged information.
> If you are not the intended recipient (or have received this e-mail
> in error) please notify the sender immediately and delete this e-
> mail. Any unauthorized copying, disclosure or distribution of the
> contents in this e-mail is strictly forbidden.
> 
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

