RE: Help: Create a client to connect to SSH server, but it does not support ssh-dss
- Subject: RE: Help: Create a client to connect to SSH server, but it does not support ssh-dss
- From: "CHANG, QUANSHENG" <laurence.chang@xxxxxxxxxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 25 Aug 2020 18:26:34 +0000
- To: "libssh@xxxxxxxxxx" <libssh@xxxxxxxxxx>
Hi Jakub,

Thank you very much for the answer. I really appreciate it.
I did not know that ssh-dss is almost out of date. I will try to update the server to see if it has a newer key generation algorithm.

Best regards
Laurence

-----Original Message-----
From: Jakub Jelen <jjelen@xxxxxxxxxx>
Sent: Tuesday, August 25, 2020 2:19 PM
To: libssh@xxxxxxxxxx
Subject: Re: Help: Create a client to connect to SSH server, but it does not support ssh-dss

On 8/24/20 9:39 AM, Anderson Sasaki wrote:
>
> ----- Original Message -----
>> From: "QUANSHENG CHANG" <laurence.chang@xxxxxxxxxxxxxxxxxxxxx>
>> To: libssh@xxxxxxxxxx
>> Sent: Friday, August 21, 2020 11:42:31 PM
>> Subject: Help: Create a client to connect to SSH server, but it does not support ssh-dss
>>
>> Hi Everyone,
>>
>> The libssh_0.9.3.2 was installed by vcpkg on my computer. The Visual C++ 2015 is being used as developing tool. Platform: Windows 10 64bit.
>>
>> I am writing a client program which connects to different SSH servers.
>> It works for most of the servers, but for one server I got an error message like:
>>
>> no match for method server host key algo: server [ssh-dss], client [ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa]
>>
>> I added ssh_options_set(my_ssh_session, SSH_OPTIONS_HOSTKEYS, "ssh-dss,ecdh-sha2-nistp256"); in my code, but it still does not work.
>>
>> Any suggestion, how to make the libssh support ssh-dss?
>
> Hello,
>
> I believe libssh in vcpkg is compiled using mbed TLS as the crypto back end. Unfortunately, mbed TLS doesn't support DSA.
> You can compile libssh using OpenSSL as the backend to have ssh-dss support.
>
> If you have control over that server, I strongly suggest updating it to support modern algorithms.

Or even better, update the server with some more secure host keys (or talk with the server administrator to do so). DSA security is really questionable and you should not depend on it for any production servers.

Additionally, it will be disabled in the future libssh versions out of the box for all crypto backends.

Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
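
The negotiation failure behind the quoted error, as an added example that is not part of the thread or of libssh's code: the first name on the client's host key list that the server also offers is chosen, so a server offering only ssh-dss cannot match a client build that has no DSA. The function names are hypothetical, and the rule is a simplified form of RFC 4253 section 7.1 that ignores the key exchange method's requirements.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name[0..n) is an exact element of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t n)
{
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, name, n) == 0)
            return 1;
        p += len + (p[len] == ',');
    }
    return 0;
}

/* Simplified RFC 4253 section 7.1 rule: the first name on the client's
 * preference list that the server also offers is chosen.
 * Copies it to out and returns 0, or returns -1 when nothing matches. */
int negotiate_hostkey(const char *client, const char *server,
                      char *out, size_t outsz)
{
    for (const char *p = client; *p; ) {
        size_t len = strcspn(p, ",");
        if (len > 0 && len < outsz && in_list(server, p, len)) {
            memcpy(out, p, len);
            out[len] = '\0';
            return 0;
        }
        p += len + (p[len] == ',');
    }
    return -1;
}

int main(void)
{
    /* Client list copied from the error message quoted in the thread. */
    const char *client = "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
                         "ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa";
    char algo[64];

    if (negotiate_hostkey(client, "ssh-dss", algo, sizeof algo) != 0)
        puts("server [ssh-dss]: no match for host key algorithm");
    /* Constructed case: the same server after an Ed25519 host key is added. */
    if (negotiate_hostkey(client, "ssh-dss,ssh-ed25519", algo, sizeof algo) == 0)
        printf("server [ssh-dss,ssh-ed25519]: negotiated %s\n", algo);
    return 0;
}
```

The second case in `main` corresponds to the fix recommended in the reply: once the server carries a modern host key, the unchanged client negotiates it without needing DSA.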