Re: key exchange fails in ssh_connect using libssh 0.10.4

[Norbert Pocs <npocs@xxxxxxxxxx>]

Hi Thomas,

I see the server -

 no match for method kex algos: server
[diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]

has only sha1 kex methods enabled, which are disabled by default in version
0.10 of libssh. Try to enable
the needed kex methods in the configuration file or try to avoid using sha1
if possible.

Hope this helps!

Regards
Norbert Pócs


On Mon, Jan 9, 2023 at 3:03 PM Jijo Thomas <jijo7thomas@xxxxxxxxx> wrote:

> Hey folks,
>
> I'm trying to use a ssh_connect using a recently compiled libssh 0.10.4
> (using openssl 1.1.1k)
> But we ran into a key exchange error. Following is the log.
>
> [2023/01/09 16:37:44.874356, 2] ssh_connect:  libssh 0.10.4 (c) 2003-2022 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_winlock
> [2023/01/09 16:37:44.881334, 3] getai:  host x.x.x.x matches an IP address
> [2023/01/09 16:37:44.885324, 2] ssh_socket_connect:  Nonblocking connection socket: 512
> [2023/01/09 16:37:44.887321, 2] ssh_connect:  Socket connecting, now waiting for the callbacks to work
> [2023/01/09 16:37:44.887903, 3] ssh_connect:  Actual timeout : 10000
> [2023/01/09 16:37:45.139544, 3] ssh_socket_pollcallback:  Received POLLOUT in connecting state
> [2023/01/09 16:37:45.140542, 1] socket_callback_connected:  Socket connection callback: 1 (0)
> [2023/01/09 16:37:45.140542, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
> [2023/01/09 16:37:45.376008, 3] callback_receive_banner:  Received banner: SSH-2.0-Cisco-1.25
> [2023/01/09 16:37:45.377005, 2] ssh_client_connection_callback:  SSH server banner: SSH-2.0-Cisco-1.25
> [2023/01/09 16:37:45.377005, 2] ssh_analyze_banner:  Analyzing banner: SSH-2.0-Cisco-1.25
> [2023/01/09 16:37:45.390968, 3] ssh_client_select_hostkeys:  Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
> [2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file 'C:\Users\xxxxx/.ssh/known_hosts': No such file or directory
> [2023/01/09 16:37:45.391964, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
> [2023/01/09 16:37:45.391964, 3] ssh_client_select_hostkeys:  No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
> [2023/01/09 16:37:45.391964, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
> [2023/01/09 16:37:45.391964, 3] packet_send2:  packet: wrote [type=20, len=852, padding_size=7, comp=844, payload=844]
> [2023/01/09 16:37:45.392965, 3] ssh_send_kex:  SSH_MSG_KEXINIT sent
> [2023/01/09 16:37:45.626340, 3] ssh_packet_socket_callback:  packet: read type 20 [len=308,padding=4,comp=303,payload=303]
> [2023/01/09 16:37:45.627339, 3] ssh_packet_process:  Dispatching handler for packet type 20
> [2023/01/09 16:37:45.627339, 1] ssh_kex_select_methods:  kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1], client [curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256]
> [2023/01/09 16:37:45.627339, 3] ssh_connect:  current state : 9
>
>
> It is still working fine using libssh 0.9.4 dll
>
> It could be something I missed while compiling the new library. I had created the solution using cmake, and compiled the ssh.dll using Visual Studio 2017.
> Any leads to solve the problem is appreciated.
>
>
> Regards,
>
> Jijo
>
>